How best to create a cookie for the user voting system to vote once

Viewed 362 times

2

This star-rating system is all working, but I just wanted to create a cookie so that the user votes only once every day. I tried several ways, but the cookie is not generated.

$(function(){
	var average = $('.ratingAverage').attr('data-average');
	function avaliacao(average){
		average = (Number(average)*20);
		$('.bg').css('width', 0);		
		$('.barra .bg').animate({width:average+'%'}, 500);
	}
	
	avaliacao(average);

	$('.star').on('mouseover', function(){
		var indexAtual = $('.star').index(this);
		for(var i=0; i<= indexAtual; i++){
			$('.star:eq('+i+')').addClass('full');
		}
	});
	$('.star').on('mouseout', function(){
		$('.star').removeClass('full');
	});

	$('.star').on('click', function(){
		var idArticle = $('.article').attr('data-id');
		var voto = $(this).attr('data-vote');
		$.post('votar.php', {votar: 'sim', artigo: idArticle, ponto: voto}, function(retorno){
			avaliacao(retorno.average);
			$('.votos span').html(retorno.votos);
		}, 'jSON');
	});
});

.barra{width:150px; height:30px; background:#ebebeb; position:relative;}
.stars{position:absolute; left:0; top:0; width:100%;}
.star{
	float:left; 
	width:30px; 
	height:30px;
	text-align:center; 
	position:relative; 
	cursor:pointer;
}
.star.full{background:linear-gradient(to bottom, #fee24f, #f4bb2f)}

.bg{float:left;height:30px; width:30%; background:linear-gradient(to bottom, #fee24f, #f4bb2f);}
.starAbsolute{
	position:absolute; 
	top:0; 
	left:0;
	width:100%; 
	height:100%; 
	background:url(../starpng.png) top left no-repeat; 
	background-size:cover;
}

<?php
	include_once "../Config.inc.php";
?>


<html lang="pt-BR">
<head>
	<meta charset=UTF-8>
	<title>pagina teste</title>
	<link href="<?= BASE; ?>/css/style.css" rel="stylesheet" type="text/css" />
                  <script  src="<?= BASE; ?>js/jquery-3.1.1.min.js"></script>
                  <script  src="<?= BASE; ?>/js/avaliations.js"></script>
</head>

	<body>
<?php
	$id_pro =1;
	// Use a bound placeholder so the value passed to execute() matches the statement
	$pegaArtigo = $pdo->prepare("SELECT * FROM `wc_app` WHERE id = ?");
	$pegaArtigo->execute(array($id_pro));
	while($artigo = $pegaArtigo->fetchObject()){
		$calculo = ($artigo->pontos == 0) ? 0 : round(($artigo->pontos/$artigo->votos), 1);
?>

<span class="ratingAverage" data-average="<?php echo $calculo;?>"></span>
<span class="article" data-id="<?php echo $id_pro;?>"></span>

<div class="barra">
	<span class="bg"></span>
	<span class="stars">
<?php for($i=1; $i<=5; $i++):?>


<span class="star" data-vote="<?php echo $i;?>">
	<span class="starAbsolute"></span>
</span>
<?php 
	endfor;
	echo '</span></div><p class="votos"><span>'.$artigo->votos.'</span> votos</p>';
}
?>
</body>
</html>

<?php
require 'environment.php';
global $config;
$config = array();
if(ENVIRONMENT == 'development') {
	$config['dbname'] = 'megaki';
	$config['host'] = 'localhost';
	$config['dbuser'] = 'system';
	$config['dbpass'] = 'system';
} else {
	$config['dbname'] = 'megakico_megaki';
	$config['host'] = 'localhost';
	$config['dbuser'] = 'megakico_system';
	$config['dbpass'] = 'system302573';
}

try {

$pdo = new PDO("mysql:dbname=".$config['dbname'].";host=".$config['host'], $config['dbuser'], $config['dbpass'], [PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"]);
}catch(PDOException $e){
	echo "conhexao ao banco de dados falhou".$e->getMessage();
}

3 answers

3

First, you should understand all the possible options you have at your disposal.

Cookies

It’s the simplest option to use. Your PHP script will set a cookie in the user’s browser with the date of the vote, and each time he visits the site again you check whether 24 hours (or the time you want) have passed.

Advantages

  • It is widely supported by all browsers, be they simpler or more advanced.
  • It is one of the simplest methods to implement, as the data is on the client side and the server needs only one check.

Disadvantages

  • The user can change browsers and vote again.
  • The user can clear the browser cookies and vote again.
  • The user can edit the value of the cookie, easily breaking its logic.

Local Storage

It is an option for browsers that support it. The data is stored on the client side, as in the case of cookies.

Advantages

  • No server-side processing required.

Disadvantages

  • Like cookies, it can be manipulated easily by the user.
  • The voting logic will necessarily be on the client’s side, so the user can easily manipulate this to vote again.

IP storage

You save the user's IP on the server and check each time whether it has reached the daily vote limit.

Advantages

  • The user cannot easily manipulate the data; even if he changes browsers or clears cookies, the rule remains the same.
  • No need to worry about supporting more browsers, because even if the user has cookies disabled, the rule still works.

Disadvantages

  • Higher infrastructure cost, as you will have to store the IP and the date of the user's last vote.
  • If the user is on a shared network, only one of the users will be able to vote, so people in LAN houses will not be able to vote.
  • If the user changes his IP, by restarting his modem for example, he can vote again.

Conclusions

No technology is perfect, and they’re all going to suffer somehow. My recommendation is that you use the IP storage technique: it ends up being the most expensive technique, but it is the one that guarantees you the greatest security. Obviously the cookie technique is also welcome, as normal users usually use only 1 browser.

Finally, you can also opt for a combination of techniques, storing the IP on the server and sending a cookie to the client. This way you have a slightly higher guarantee that you are not being scammed.

Note: I’m assuming that you want to make sure that anonymous users don’t vote twice. If you want to check whether a logged-in user has already voted twice, you can simply create an extra field in the database that stores this information and get rid of all the other problems.

  • Remember that more than one user can share the same IP address, mainly with the use of CGNAT; i.e., it has nothing to do with LAN houses, but with the provider itself, which makes several customers have the same IPv4 address.

  • Inkeliz, I did not know about this technique of IP distribution. Thank you for pointing it out.
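The combination recommended in this answer (IP stored on the server plus a cookie sent to the client), as an added example that is not the answerer's code. It assumes a hypothetical `vote_log` table, a hypothetical server-side secret `VOTE_KEY`, hypothetical function names, and the `pdo_sqlite` extension so that it runs offline; `wc_app`, `pontos` and `votos` come from the question.

```php
<?php
// Added example: hypothetical names throughout; in-memory SQLite so it runs from the CLI.
const VOTE_KEY = 'constructed-demo-key';   // server-side secret (assumption), never sent to the client

function signCookie(int $articleId, string $day): string {
    $payload = $articleId . '|' . $day;
    return $payload . '|' . hash_hmac('sha256', $payload, VOTE_KEY);
}

function cookieSaysVoted(?string $cookie, int $articleId, string $day): bool {
    $parts = explode('|', (string)$cookie);            // null (deleted cookie) yields one empty part
    if (count($parts) !== 3) return false;
    [$id, $d, $mac] = $parts;
    // An edited cookie fails the MAC check and is ignored, so the IP record decides.
    return hash_equals(hash_hmac('sha256', "$id|$d", VOTE_KEY), $mac) && (int)$id === $articleId && $d === $day;
}

// Returns [accepted, cookieValueToSet]. The UNIQUE key allows one vote per IP, article and day.
function castVote(PDO $pdo, int $articleId, int $stars, string $ip, ?string $cookie, int $now): array {
    $day = gmdate('Y-m-d', $now);
    if ($stars < 1 || $stars > 5 || cookieSaysVoted($cookie, $articleId, $day)) {
        return [false, null];
    }
    try {
        $pdo->prepare('INSERT INTO vote_log (article_id, ip_hash, vote_day) VALUES (?, ?, ?)')
            ->execute([$articleId, hash_hmac('sha256', $ip, VOTE_KEY), $day]);
    } catch (PDOException $e) {
        if ($e->getCode() != '23000') throw $e;         // only a constraint violation means "already voted"
        return [false, signCookie($articleId, $day)];   // cookie was cleared: refuse and re-issue it
    }
    $pdo->prepare('UPDATE wc_app SET pontos = pontos + ?, votos = votos + 1 WHERE id = ?')
        ->execute([$stars, $articleId]);
    return [true, signCookie($articleId, $day)];
}

// Constructed demo data and requests.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE wc_app (id INTEGER PRIMARY KEY, pontos INTEGER, votos INTEGER)');
$pdo->exec('CREATE TABLE vote_log (article_id INTEGER, ip_hash TEXT, vote_day TEXT,
            UNIQUE (article_id, ip_hash, vote_day))');
$pdo->exec('INSERT INTO wc_app VALUES (1, 0, 0)');
$now = 1700000000;
[$first, $c] = castVote($pdo, 1, 4, '203.0.113.7', null, $now);          // first vote of the day
[$cleared]   = castVote($pdo, 1, 5, '203.0.113.7', null, $now + 60);     // cookie deleted, same IP
[$newIp]     = castVote($pdo, 1, 5, '198.51.100.9', $c, $now + 120);     // IP changed, cookie kept
[$nextDay]   = castVote($pdo, 1, 5, '203.0.113.7', null, $now + 86400);  // following day
var_dump($first, $cleared, $newIp, $nextDay);
```

In `votar.php` the returned value would be passed to `setcookie()`. A client that both clears the cookie and changes IP still gets through, which is the limit the answer describes.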

0

<?php

// Creates the 'usuario' cookie, which will last only 1 day
setcookie('usuario', '[email protected]', (time() + (1 * 24 * 3600)));


?>

Okay: if the cookie exists, he can’t vote; if it doesn’t exist, he can vote.

  • What if I enter my browser settings and delete existing cookies?

  • If you do this, the user will cheat the system. Therefore, for this case it is recommended to use a database, saving a field for this.

0

Well, I do not know of any open voting system (for unregistered users) that ensures data reliability.

If that is the case, using only cookies or data in localStorage, both can be easily circumvented or modified, breaking the code logic.

In the case of registered users (and assuming session use or a stateless state), the item to be voted on must have an entry in the database recording some identifier of the user who "voted", and before each vote is cast you must always check whether that user has already carried out the operation.

The first idea would be to send the user ID, but when using JavaScript this can be forged by a malicious user any number of times. To get around this, you can send a token created during login and verified before inserting.
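The registered-user flow described in this answer, as an added example that is not the answerer's code. The `user_votes` table and the function names are hypothetical, `$session` stands in for `$_SESSION`, and in-memory SQLite is used so the block runs offline; the `artigo` and `ponto` field names come from the question's JavaScript.

```php
<?php
// Added example: hypothetical names; $session stands in for $_SESSION so it runs from the CLI.
function login(array &$session, int $userId): string {
    $session['user_id'] = $userId;                       // identity is kept on the server
    $session['vote_token'] = bin2hex(random_bytes(32));  // unguessable, created at login
    return $session['vote_token'];                       // rendered into the page for the JS to send back
}

function voteAsUser(PDO $pdo, array $session, array $post): string {
    if (!isset($session['user_id'], $session['vote_token'])) return 'not logged in';
    if (!hash_equals($session['vote_token'], (string)($post['token'] ?? ''))) return 'bad token';
    $stars = (int)($post['ponto'] ?? 0);
    if ($stars < 1 || $stars > 5) return 'bad vote';
    try {
        // The user id comes from the session; an id sent in $post is never read.
        $pdo->prepare('INSERT INTO user_votes (user_id, article_id, stars) VALUES (?, ?, ?)')
            ->execute([$session['user_id'], (int)($post['artigo'] ?? 0), $stars]);
    } catch (PDOException $e) {
        if ($e->getCode() != '23000') throw $e;          // anything but a constraint violation is a real error
        return 'already voted';
    }
    return 'ok';
}

// Constructed demo data and requests.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user_votes (user_id INTEGER, article_id INTEGER, stars INTEGER,
            UNIQUE (user_id, article_id))');
$session = [];
$token = login($session, 42);
echo voteAsUser($pdo, $session, ['artigo' => 1, 'ponto' => 5, 'token' => $token]), "\n";
echo voteAsUser($pdo, $session, ['artigo' => 1, 'ponto' => 1, 'token' => $token, 'user_id' => 7]), "\n";
echo voteAsUser($pdo, $session, ['artigo' => 2, 'ponto' => 3, 'token' => 'guessed']), "\n";
```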
