Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    Regular Coder
    Join Date
    Aug 2008
    Posts
    133
    Thanks
    14
    Thanked 0 Times in 0 Posts

    how would i go about this in php?

    I'm trying to create a basic online petition and I want it to be fairly accurate so that people can only leave their signature once. The thing is, at the moment a user can still quite easily click 'back' ontheir browser after signing and sign the petition form again with any email address they want and it would be accepted.

    The only way (I guess?) is to make it a requirement that the user then validates their address by clicking a link which is sent to their email account.

    Is this something which is easily done in php? I suppose I'd need to send an automated email to each account and have a boolean type field for whether that user had validated their email? Then, in the 'view signatures' script only signatures which have validated=true are displayed/counted. Is this how it would be done and is it tricky to program?

    Is there an easier way ? Like recording an IP address (I know the difficulty with this is that some people have non static ip addresses). Just any other way would be preferable to email validation as I want this petition to be popular and emil verification can be a ot of work (making sure it isn't in spam, then validtaing etc).

    Thanks in advance.

  • #2
    Senior Coder DJCMBear's Avatar
    Join Date
    Mar 2010
    Location
    United Kindom
    Posts
    1,173
    Thanks
    14
    Thanked 136 Times in 136 Posts
    are you storing anything into a database? such as the email address.
    Official BinPress hand picked coder.
    For anyone worried about SQL injection go have a look at my small yet powerful script here.
    Go Pledge for Light Table, if it hit's $300,000 Python and other languages will get added.
    I am 1 of 65,608 people to get a Pebble Watch :P

  • #3
    Regular Coder
    Join Date
    Aug 2008
    Posts
    133
    Thanks
    14
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by DJCMBear View Post
    are you storing anything into a database? such as the email address.
    Yes, I currently have a php script which allows the user to post their name, country, email address and a comment to the database. I then have a basic 'guestbook style' script which displays the name, country an comment.

  • #4
    Senior Coder DJCMBear's Avatar
    Join Date
    Mar 2010
    Location
    United Kindom
    Posts
    1,173
    Thanks
    14
    Thanked 136 Times in 136 Posts
    so what is it are you trying to do?

    are you just trying to stop spam submitions?
    Official BinPress hand picked coder.
    For anyone worried about SQL injection go have a look at my small yet powerful script here.
    Go Pledge for Light Table, if it hit's $300,000 Python and other languages will get added.
    I am 1 of 65,608 people to get a Pebble Watch :P

  • #5
    Regular Coder
    Join Date
    Aug 2008
    Posts
    133
    Thanks
    14
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by DJCMBear View Post
    so what is it are you trying to do?

    are you just trying to stop spam submitions?
    Well, i just want to stop people from being able to leave as many signatures as they want under different names if they feel particularly strngly about the petition for any reason. I'd also like to prevent automated spam.

    Am I making sense?

  • #6
    New Coder
    Join Date
    Jun 2010
    Location
    The Netherlands
    Posts
    53
    Thanks
    0
    Thanked 6 Times in 6 Posts
    Quote Originally Posted by gh05 View Post
    Well, i just want to stop people from being able to leave as many signatures as they want under different names if they feel particularly strngly about the petition for any reason. I'd also like to prevent automated spam.

    Am I making sense?
    Store the IP address($_SERVER['REMOTE_ADDR']) in the database aswell.
    Then add a mysql_num_rows check fwith a select query on the IP, if the value of the num rows is 0, show the form, else hide it. Or if the value is 0, process & insert data, else redirect?

    ex:

    PHP Code:
    <?php
    // Need a mysql connection

    $q mysql_query("Select ip_address From table_name WHERE ip_address = '".$_SERVER['REMOTE_ADDR']."'");
    if(
    myssql_num_rows($q) == 0) {

    ?>
    <!--- FORM HERE !--->
    <?php
    } else {

    header('Location: view.php');

    }
    ?>
    (Quickly written)

  • #7
    Regular Coder
    Join Date
    Aug 2008
    Posts
    133
    Thanks
    14
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Candan View Post
    Store the IP address($_SERVER['REMOTE_ADDR']) in the database aswell.
    Then add a mysql_num_rows check fwith a select query on the IP, if the value of the num rows is 0, show the form, else hide it. Or if the value is 0, process & insert data, else redirect?

    ex:

    PHP Code:
    <?php
    // Need a mysql connection

    $q mysql_query("Select ip_address From table_name WHERE ip_address = '".$_SERVER['REMOTE_ADDR']."'");
    if(
    myssql_num_rows($q) == 0) {

    ?>
    <!--- FORM HERE !--->
    <?php
    } else {

    header('Location: view.php');

    }
    ?>
    (Quickly written)
    Thanks, but i thought doing it by IP address may stop those with similar IP addresses (i.e. people who work on large networks) from signing and also it wont prevent people who have ip addresses which regularly change from signing?

  • #8
    New Coder
    Join Date
    Jun 2010
    Location
    The Netherlands
    Posts
    53
    Thanks
    0
    Thanked 6 Times in 6 Posts
    Quote Originally Posted by gh05 View Post
    Thanks, but i thought doing it by IP address may stop those with similar IP addresses (i.e. people who work on large networks) from signing and also it wont prevent people who have ip addresses which regularly change from signing?
    Thats true, there is no real way to stop people from signing your petition multiple times.

    Ex. User uses ip 87.85.234.123 and email user@hotmail.com
    Then he changes email, and he submites with the same IP again.
    Or
    He changes email, and IP, and submits again.

    IP's can be changed, emails can be changed.

  • #9
    Regular Coder
    Join Date
    Aug 2008
    Posts
    133
    Thanks
    14
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Candan View Post
    Thats true, there is no real way to stop people from signing your petition multiple times.

    Ex. User uses ip 87.85.234.123 and email user@hotmail.com
    Then he changes email, and he submites with the same IP again.
    Or
    He changes email, and IP, and submits again.

    IP's can be changed, emails can be changed.

    So if I'm going to choose one method OR the other, would you say email or ip address validation is best? I kind of want to avoid email validation if possible because it's not as easy to sign up to and I want it to be quite popular.

    Thanks.

  • #10
    New Coder
    Join Date
    Jun 2010
    Location
    The Netherlands
    Posts
    53
    Thanks
    0
    Thanked 6 Times in 6 Posts
    You could create a script to check for an email addy in the database, and return users if they submit the same email. This won't stop spam tho.
    Last edited by Candan; 06-21-2010 at 11:12 AM.

  • #11
    Regular Coder
    Join Date
    Aug 2008
    Posts
    133
    Thanks
    14
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Candan View Post
    You could create a script to check for an email addy in the database, and return users if they submit the same email. This won't stop spam tho.

    Yep already did that thinking it would be enough but theres nothing to stop someone clicking 'back' and changing the email address slightly.

  • #12
    New Coder
    Join Date
    Jun 2010
    Location
    Germany
    Posts
    17
    Thanks
    1
    Thanked 1 Time in 1 Post
    you can additionally store a cookie and a session, when the user signs your petition.


    Morri

  • #13
    New Coder
    Join Date
    Jun 2010
    Location
    The Netherlands
    Posts
    53
    Thanks
    0
    Thanked 6 Times in 6 Posts
    Cookies and sessions can both be removed.

  • #14
    Senior Coder
    Join Date
    Jun 2008
    Location
    New Jersey
    Posts
    2,537
    Thanks
    45
    Thanked 259 Times in 256 Posts
    Yah, I deal with this issue on some sites too... there's no clear way of preventing it.

    IMO, the best is user confirmation... slows down the entire process and will lead to less signatures, but leads to more valid ones I've noticed.

    Cookies/sessions are useful too because while they can be removed, it usually means the person is fairly smart with a PC/the net, in which case if they're really intent on adding extra names, they'll find a way.

  • #15
    Senior Coder DJCMBear's Avatar
    Join Date
    Mar 2010
    Location
    United Kindom
    Posts
    1,173
    Thanks
    14
    Thanked 136 Times in 136 Posts
    The best way to do this is like you said in your first post by email and a link within the email as you can have a php query saying if the link hasnt been clicked then dont show the sig. You can do it with sessions or cookies but that can be edited by the user. You can also do a mysql checker to see if the email being used is already in the database.
    Official BinPress hand picked coder.
    For anyone worried about SQL injection go have a look at my small yet powerful script here.
    Go Pledge for Light Table, if it hit's $300,000 Python and other languages will get added.
    I am 1 of 65,608 people to get a Pebble Watch :P


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •