问题
Presented alongside a polling facility on a webpage is the following input fields that enables the visitor (voter) to enter their details in a raffle for a hamper as a reward for their effort in taking part in the poll.
The raffle entry form script is not attached to the poll script. All inputs in the raffle entry form script are validated and the info is sent to a flatfile. It is a short poll lasting only 7 days on different topics that might arise from time to time for a small town forum. (ip is also collected)
Name :<input type="text" name="visitor" /><br /><br />
Email :<input type="text" name="visitormail" /><br /><br />
Phone :<input type="text" name="visitorphone"/><br /><br />
On submission the 'Thank You' page advises the visitor that their details will be used once in the raffle for the hamper. In other words the visitor could go back and fill in the form again and submit, requiring that I check for and weed out multiple entries from the flatfile before completing the Random Number draw for the hamper!
The Question Is there a simple way to install something that prevents the visitor from attempting multiple entries into the draw?
回答1:
I would log the IP as well (see $_SERVER variable). Then you can narrow down duplicates by IP. Not always the most fool proof method.
Another approach could be a cookie.
回答2:
I agree with @David Barker in that people will probably find a way around whatever you put in place unless you log them in and have a user id for them. However, I don't agree with him that the answer is 'yes'. I think the answer is 'no'.
I can't see any way that you can stop a visitor submitting slightly different information in multiple entries. Unless you ask for and verify their social security, passport or driver license number. In fact the same probably goes for avoiding multiple accounts on a system that logs people in.
So, you may have to accept that people may have multiple entries into the draw or give up on it.
Sorry for the negative answer, but I really can't see how you can achieve what you want without huge resources at your disposal.
Edit to explain my arguments further:
1 - Use name as filter
I have a simple name 'Paul White', there are thousands, if not millions, of Paul Whites, so limiting to one is not realistic.
2 - Use IP address
All I have to do is diconnect my router from my ISP and then re-connect. Hello, new IP, second entry into raffle. Or logmein to my old mum's computer - same result. You cannot prevent multiple entries, period.
3 - Use phone number
I also have 2 mobile phones a land line number and a skype number (I travel a lot), I could use a different one each time.
4 - Use house number plus post code
In the UK (I don't know about anywhere else, but suspect it's similar) one post code applies to a number of houses. However, say my house number is 16, I could submit an entry as 16, 16a, 16b... and the address would still be valid and anythinh mailed to it would still get to me.
5 - Similar arguments relating to minor manipulations for anything else you can think off
回答3:
I presume you are storing the data into the database. Then you can choose one item, that has to be unique (I'd recommend a phone #) and make its column a uniqe key. Therefore the multiple insertions to the database would fail (you have to check the phone # format beforehand and standardize it before the actual insertion, but this is completely different problem).
回答4:
If users have to login to vote then you could just save the user_id and check to see if they've already voted. Or, if they are anonymous you could do an IP number check $_SERVER['REMOTE_ADDR ']. Or, you could save a cookie upon submission.
回答5:
The answer is yes, but you can only hold people back so much with the data you are given. People will (if inclined) find a way to get themselves entered multiple times into a competition.
I would have a script that read from the flatfile and returned true if key input data matches data already held on file.
e.g.
$input = $_REQUEST['post_data'];
$fp = fopen("poll.txt","r");
while ($ln = fgetcsv($fp, 1000, "\t") !== FALSE) {
if ($ln[4] == $input['post_data']) {
// Set exists to true
$exists = TRUE;
}
}
// Check if $exists == TRUE {
// return false;
// Else {
// write new data to file.
// }
This considers that your flatfile is delimetered by /t for each 'cell'.
Also to consider: $ln[x], where x = position of the data on each line of the file.
回答6:
You can easily solve this using the email as the key. If you're using a database you could do a quick check to see if the email exists, like
"SELECT COUNT(visitoremail) FROM users WHERE LOWER(visitoremail) = '" . strtolower($_REQUEST['visitormail']) . "';
If the result is greater than zero, you wouldn't add them to the database. Similarly, if the count was equal to zero, then you would do an INSERT with your new data.
Another way would be to store all the entries in your database regardless. Then, either "SELECT DISTINCT visitoremail FROM users ..." or select all the emails into a PHP array, and then do an array_unique(visitoremails) to get the unique emails.
回答7:
If you disable the submit button in the onclick event, the visitor will have to refresh the page for resubmitting your form.
You can do something like:
var btn = document.getElementById("button-id");
btn.onclick = function() {
btn.disabled = 'disabled';
}
来源:https://stackoverflow.com/questions/8099388/prevent-multiple-entries-using-php