I have a page that randomly displays 2 news items, and the user selects the better one. There are only 10 news items.

After the vote, the data is sent in a POST request to the handler page, where +1 is recorded in the database for the better news item, and then the user is redirected back to 2 other news items.

Question: how do I protect the news rating from cheating? A POST request for the same news item can be repeated a bunch of times ...

I will add: the user can vote indefinitely. But the news appears randomly. I only need to protect against repetition of the same POST request.

Note: the site has to work without registration.

  • 1
    And what about adding a column of IP addresses to the database and comparing against them? - Rimon
  • the user can vote endlessly, but every time on 2 random news items - JL
  • You can store IP : news-ID pairs, and if the pair already exists, the vote does not count. - avp
  • the user has the opportunity to vote several times for a news item, if it comes up for him - JL
  • @Construct already suggested it 3 hours ago. I agree. You pass a random key each time. Remember it. Accept only one answer (regardless of IP) with this key. - avp

3 answers

Implement user registration; it will be easier to work with then, since you record the voter in the database.

  • 2
    IMHO, the most correct approach. - Oleg Arkhipov
  • 2
    It's just that in the other variations there is the possibility of cheating, such as changing IP, sessions, cookies and other things, whereas here it takes a new registration (but I think he will come up with something beyond that) - Rimon
  • Unfortunately there will be no registration on the site. The point is that you can only cheat by repeating the same POST request. I thought maybe I need to generate some kind of key ... Can someone develop this topic? - JL
  • 2
    For example, encrypt the current time with md5 and you will get what you need by comparing. I read about it in a book somewhere, written by a programmer from Google: when the request is sent, an md5 of the time is generated, then it is compared in the handler; if the request is repeated, these md5 values will not match anyway. Other encryption technologies work too, just choose your own. - Rimon
  • Do you mean take md5(H:i:s), pass it via POST, and compare this value in the handler? - JL

Sorry, but I am very interested:

md5(date('H:i:s')) and pass it via POST, and compare this value in the handler.

And compare it with what? It will be different each time, so the request will pass each time. And what does time encryption mean in general? How will it help prevent a 2nd, 3rd, 4th, 5th and so on request?

  • That's exactly what I mean. - Oleg Arkhipov
  • So, I compute the time in js and send it, and compare on the server, and all is wonderful. After a second it no longer goes through. - JL
  • I have something like: md5(my string + md5(date(js))) and everything is fine +) - JL
  • And everything is clear now. But I just need to refresh the page, cast a vote and send md5(md5(my line) + date(js)) again, and it gets compared on the server with the same line again and the vote is added. As far as I understand, this can protect against third-party interference, since they will not know the md5 key (md5(my string) + date(js)) - Sever

SELECT * FROM `news_table` WHERE id NOT IN ( SELECT news_id FROM `voted_table` WHERE sesID=$SESID ) LIMIT 0,2 -- `id`: assumed name of the news_table key column

The news_table table contains the news; into the voted_table table we push the id of each news item this user has already voted for.

$SESID is taken from the cookie. $SESID is created unique for each visitor. I think this is the easiest way. Again, if cookies are deleted, this method fails. I think you should go somewhere in this direction.

  • I think it will be much faster to rig up something with a POST key ... Again: the user can vote for a news item even 1000 times, if it comes up for him (randomly) - JL
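
The one-time key suggested in the comments (pass a random key each time, remember it, accept only one answer with it), as an added example that is not code from the thread. It assumes PDO with an in-memory SQLite database; the table names, column names and the functions issueToken() and castVote() are hypothetical.

```php
<?php
// Added example: single-use vote keys. Schema and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, rating INTEGER NOT NULL DEFAULT 0)');
$db->exec('CREATE TABLE vote_token (token TEXT PRIMARY KEY, news_a INTEGER, news_b INTEGER, expires INTEGER)');
$db->exec('INSERT INTO news (id) VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10)');

// Called while rendering the page: bind a fresh key to the pair that is shown.
function issueToken(PDO $db, int $a, int $b, int $ttl = 600): string {
    // Generated on the server from a CSPRNG, so the client cannot predict or
    // recompute it the way it can with a value derived from the clock.
    $token = bin2hex(random_bytes(16));
    $db->prepare('INSERT INTO vote_token VALUES (?, ?, ?, ?)')
       ->execute([$token, $a, $b, time() + $ttl]);
    return $token; // goes into a hidden field of the voting form
}

// Called by the POST handler. Returns true only for the first valid use of a key.
function castVote(PDO $db, string $token, int $choice): bool {
    $db->beginTransaction();
    // Consuming the key is a single DELETE: a repeated request finds no row,
    // and a choice that was not in the displayed pair does not match either.
    $st = $db->prepare('DELETE FROM vote_token
                        WHERE token = ? AND expires >= ? AND (news_a = ? OR news_b = ?)');
    $st->execute([$token, time(), $choice, $choice]);
    if ($st->rowCount() !== 1) {
        $db->rollBack();
        return false;
    }
    $db->prepare('UPDATE news SET rating = rating + 1 WHERE id = ?')->execute([$choice]);
    $db->commit();
    return true;
}

// Constructed walk-through: one page view, then the same POST sent twice.
$key = issueToken($db, 3, 7);
var_dump(castVote($db, $key, 7));   // first submission of this key
var_dump(castVote($db, $key, 7));   // identical request repeated
// A new page view gets a new key, so the same pair can be voted on again.
$key2 = issueToken($db, 3, 7);
var_dump(castVote($db, $key2, 5));  // news item that was not in the pair
var_dump(castVote($db, $key2, 3));  // valid choice with the still-unused key
var_dump($db->query('SELECT id, rating FROM news WHERE rating > 0')->fetchAll(PDO::FETCH_KEY_PAIR));
```

Expired rows in vote_token should be purged periodically so abandoned page views do not accumulate.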