I have a PHP script that I want a user to only have access to once a day. What is the best way to ensure that they can only access it once a day? I was thinking IP addresses but today most people have mostly random IP addresses and then I thought cookies, but cookies are easily modified right? Mabye a combination of the two will thwart most people. Can anyone give me some advice? Thanks. ~imozeb
If they have to log in it would just be a matter of logging the date that they last logged in. If that date = today then they don't get in. If they don't have to log in I would do it via IP address. Cookies are easy to clear. A user could also just use a proxy and get back in but that's about the best you can do.
When a visitor accesses - check the db for their IP, if their IP's not already in db; store their IP ($_SERVER['REMOTE_ADDR']) and Day (time()) to the db (and proceed with whatever the scripts meant to show per day), and keep doing the process on every visitor, if the visitors IP is in the db and the Day of the time (in db) is the same as current Day ( == time()) then give an error, else proceed.
But what the OP asked is the 'best way', cookies and sessions can be easily cleared via browser config. Whereas; although IP's can change, theirs more of a chance a cookie/session being cleared rather then an IP changed. Theirfore IP would be more reliable.
I thought a bunch of people now are using rotating IP's or something like that, so IP's aren't useful anymore? Is this true?
$_server['http_x_forwarded_for'] $_server['http_x_forwarded_host'] $_server['http_x_forwarded_server'] PHP:
The code posted by guardian999 will just help you detect a proxy. True anonymous proxies don't send any of those vars so they won't catch a lot of the proxies out there. To answer your original question I need a little more info. Do users have to log in to access this script or can anyone see it? It's much easier to limit access if they have to log in.
No people do not have to log in to use this script. It is basicly a poll and I don't want users to be able to spam it.
Without a login system, the best thing you could do is combine ip and cookies. It will eliminate the majority of people trying to vote more than once. There's no way to make a 100% secure voting system. An example of this is how the 4chan community managed to vote moot to be Time Magazine's World's most influential person.
Exactly! There is simply no way to make 100% sure a person is restricted from accessing your script only once a day! Cookie might be the easiest way in combination with IP loggin. But don't just block the IP for 24 hours, what if its an Internet Cafe, College, University, Public Hotspot where multiple users have the same IP? That can and will backfire sooner or later! A login system is the most secure way, but even then there is no guarantee that the user won't create multiple accounts.