[PHP&Mysql]How would you do this.

[Hidden]

Well some of you play those games , like Mu Online, and maple story etc.
And you know how they want to you to vote every 13 hours right?
Well i was making a webpage, were the player could get vote points. But i don't know what to use to make it so that they can only vote every 13 hours. Otherwise, people can keep refreshing and getting vote points.
I was thinking of using cookies, but anyone could edit them. I think its releated to the timestamp option in mysql?

 

[EliteGM]

Maybe create a guest table in mysql, put the IP in there, and the info for if they clicked it already, and when etc. ?
So columns:

`id` (always good to have)
`ip`
`vote_points`
`last_vote`

 

[Daevius]

If you make it account based, it's easy, but I suppose you don't have that. In that case you will want to work with a table that stores all votes of the last 13 hours, with the responding IP addresses, then simply check if the current IP address is present in the table, if so he can't vote again.

Be sure that before you check if his IP is in the DB, you remove all rows where the time is 13 hours or more before the current time.

 

[EliteGM]

Yeah that's sortta what I meant but you explained it better ;D

 

[Hidden]

Yah, but is it possible for the ip's to automatically be erased after 13 hours?
Cause i could do it manually, and cron jobs don't work =/

 

[EliteGM]

Just include in your config.php or anything the code for it..
5mins let me work sumthing up.
Save the time with the PHP function time() then.

EDIT, code:

<?php
//mysql connection etc.
$time         = time();
$thirteen_hrs = 46800; //seconds!!
$thirteen_ago = ($time-$thirteen_hrs);
$delete_user  = mysql_query("DELETE FROM `table` WHERE `last_visit` <= '$thirteen_ago'");

	if (!$delete_user)
	{
		die(mysql_error());
	}
?>

 

[Hidden]

true, but thats only called IF someone visits the page. Am i right or wrong?
Btw thanks :]

 

[Daevius]

Yeah, it will only be erased whenever SOMEONE visits your page. This is the easiest way and is quite effective for low amounts of visits.

 

[EliteGM]

I'd have no idea what else to do.

 

[FragFrog]

For MMO Toplist, an old website I once wrote that did the same thing, I used a combination of both (session) cookies and IP logs.

Whenever someone tried to vote I put in a check to see if either his last vote cookie was made less then 13 hours ago, or if his IP address was used to vote in that particular section (it had a seperate section for each game) within the last 13 hours. In your table you can add a column to record the time, then it is simply a matter of subtracting 13 (hours) * 60 (minutes) * 60 (seconds) from the current time and see if that is bigger or smaller than the vote timestamp.

Checking both a cookie and an IP address will shut down the bastards that try to vote using proxies but who forget to erase their cookies and vice versa. Worked quite well too, a few chinese idiots aside that used whole ip ranges to vote :icon6:

If you can't figure that out by yourself you ought to realise that there are a very great many voting websites out there and if you want to seperate your site from others you'll have to be better than them - so you might want to improve on your coding skills first

 

[Hidden]

For MMO Toplist, an old website I once wrote that did the same thing, I used a combination of both (session) cookies and IP logs.

Whenever someone tried to vote I put in a check to see if either his last vote cookie was made less then 13 hours ago, or if his IP address was used to vote in that particular section (it had a seperate section for each game) within the last 13 hours. In your table you can add a column to record the time, then it is simply a matter of subtracting 13 (hours) * 60 (minutes) * 60 (seconds) from the current time and see if that is bigger or smaller than the vote timestamp.

Checking both a cookie and an IP address will shut down the bastards that try to vote using proxies but who forget to erase their cookies and vice versa. Worked quite well too, a few chinese idiots aside that used whole ip ranges to vote :icon6:

If you can't figure that out by yourself you ought to realise that there are a very great many voting websites out there and if you want to seperate your site from others you'll have to be better than them - so you might want to improve on your coding skills first

but techically. can't they delete their cookies, use a cookie editor to remove sessions. and use a proxy to bypass that?
Unless, you some how blocked their ip even when they are using a proxy.

 

[RisingKing2010]

<?
$config['banned']=array(//add ips to be banned after this
'0.0.0.0'
);
if (in_array($_SERVER['REMOTE_ADDR'],$config['banned'])||in_array($_SERVER['HTTP_X_FORWARDED_FOR'],$config['banned']))
{
die("Your IP has been banned. You are no longer allowed to access our site unless the ban is lifted.");
}
?>

thats a simple way to block IPs using a proxy, $_SERVER['HTTP_X_FORWARDED_FOR'] is set as the user's real IP when a user uses a proxy so you can use that to detect proxies

 

[Hidden]

echo"Access Granted";
echo("<br>".$_SERVER['REMOTE_ADDR']."<br>");
echo ($_SERVER['HTTP_X_FORWARDED_FOR']);

I get:
Access Granted
64.131.77.96

 

[RisingKing2010]

echo"Access Granted";
echo("<br>".$_SERVER['REMOTE_ADDR']."<br>");
echo ($_SERVER['HTTP_X_FORWARDED_FOR']);

I get:
Access Granted
64.131.77.96

$_SERVER['HTTP_X_FORWARDED_FOR'] is not set when u are not using a proxy...
when u are,
$_SERVER['REMOTE_ADDR'] is set as the proxy's address, and $_SERVER['HTTP_X_FORWARDED_FOR'] is set for yours (i assume that's 64.131.77.xx)
so try connect through a proxy and u will see results

 

[Hidden]

Yup,
when im using a proxy i get that, when im not i get my real ip.
But i never get my real ip and the proxie's ip using a proxy.

 

[RisingKing2010]

hmmm... thats weird... idk, im sorta tired atm, its late here >.<

 

[FragFrog]

but techically. can't they delete their cookies, use a cookie editor to remove sessions. and use a proxy to bypass that?
Unless, you some how blocked their ip even when they are using a proxy.

Aye, but they'd soon run out of proxies and it's a lot of work

At the above posted proxy detection: only very few browsers actually set that field. That's right, it's a field the client sets, so it's about as dependable as a soap herring. If someone is smart enough to remove both his cookies and use a proxy, you can be fairly sure he's also smart enough to use a browser that doesn't set that header.

In fact, I could very easily write a script that used a list of HTTP Proxies to automatically vote, not storing any cookies and not setting that header, that would bypass just about any filter. I once worked on a huge intranet application that used Google's GeoCoder service to map addresses to lateral coordinates. This had a limit of 15.000 requests a day. Using some virtual hosts and a few lines of code we were able to randomly select a proxy and fire off in excess of 100.000 requests a day.

That being said, when someone does that it almost always shows - either there is a sudden rush of votes, or they're all coming from sequential IP adresses (like 81.32.13.1, 81.32.13.2, 81.32.13.3, 81.32.13.4, etc). For that purpose it's wise to log the client IP and time for each vote, so you can see exactly what happened. I have had to ban several servers from MMO Toplist that tried to cheat that way.

 

[Hidden]

Aye, but they'd soon run out of proxies and it's a lot of work

At the above posted proxy detection: only very few browsers actually set that field. That's right, it's a field the client sets, so it's about as dependable as a soap herring. If someone is smart enough to remove both his cookies and use a proxy, you can be fairly sure he's also smart enough to use a browser that doesn't set that header.

In fact, I could very easily write a script that used a list of HTTP Proxies to automatically vote, not storing any cookies and not setting that header, that would bypass just about any filter. I once worked on a huge intranet application that used Google's GeoCoder service to map addresses to lateral coordinates. This had a limit of 15.000 requests a day. Using some virtual hosts and a few lines of code we were able to randomly select a proxy and fire off in excess of 100.000 requests a day.

That being said, when someone does that it almost always shows - either there is a sudden rush of votes, or they're all coming from sequential IP adresses (like 81.32.13.1, 81.32.13.2, 81.32.13.3, 81.32.13.4, etc). For that purpose it's wise to log the client IP and time for each vote, so you can see exactly what happened. I have had to ban several servers from MMO Toplist that tried to cheat that way.

Hmm thats smart. Probably cause i modded my firefox a lot that it doesn't show my ip under a proxy.
Thanks

 

[RisingKing2010]

Aye, but they'd soon run out of proxies and it's a lot of work

At the above posted proxy detection: only very few browsers actually set that field. That's right, it's a field the client sets, so it's about as dependable as a soap herring. If someone is smart enough to remove both his cookies and use a proxy, you can be fairly sure he's also smart enough to use a browser that doesn't set that header.

hmm never knew that, I guess it makes sense though, so in other ***** that would only block some browser's use of proxies >.<... I always suspected that it would be too easy if that works so well.

 

[DestructiO]

Well here is my creation
Its for MuOnline , it uses SQL entries , you can use the way i did it and you will do a vote page for almost every game

http://forum.ragezone.com/f197/release-vote-reward-system-0-2-a-456783/