0

我正在构建一个功能,允许用户每 24 小时只投票一次。

这是我的数据库结构

 id ip        timestamp           userid
  9 127.0.0.1 2013-06-27 16:52:49 35

我使用这个函数来获取用户客户端地址,我在 localhost 环境中,它一直给我 localhost ip 127.0.0.1 而不是我的公共 ip。有什么问题吗?

function get_client_ip() {
    $ipaddress = '';
    if (getenv('HTTP_CLIENT_IP'))
        $ipaddress = getenv('HTTP_CLIENT_IP');
    else if(getenv('HTTP_X_FORWARDED_FOR'))
        $ipaddress = getenv('HTTP_X_FORWARDED_FOR');
    else if(getenv('HTTP_X_FORWARDED'))
        $ipaddress = getenv('HTTP_X_FORWARDED');
    else if(getenv('HTTP_FORWARDED_FOR'))
        $ipaddress = getenv('HTTP_FORWARDED_FOR');
    else if(getenv('HTTP_FORWARDED'))
        $ipaddress = getenv('HTTP_FORWARDED');
    else if(getenv('REMOTE_ADDR'))
        $ipaddress = getenv('REMOTE_ADDR');
    else
        $ipaddress = 'UNKNOWN';

    return $ipaddress;
}

我对这个功能的逻辑有什么问题吗,我的想法是

1)首先查询表以查看用户的ip是否被持久化。如果是,他/她投票 2) 检查投票时间戳与当前时间戳,如果他的投票时间早于 24 小时,则允许他再次投票。

我关心的不是时间戳,而是ipaddress。我不知道我构建的功能是否足以获取他的 IP 地址,即使他在代理后面。

建议表示赞赏。谢谢

干杯

4

2 回答 2

1

I'm afraid but the only way to reliably determine if a user has already voted or not is to make them authenticate. Relying on the IP address won't work because the user can disconnect and reconnect to the internet and get a new IP or use a proxy. Relying on a cookie wont work either because a cookie can be easily deleted.

Anyway, if you want to stick with the IP address solution knowing that it wont work 100% check the solution to this question for a nice function to get the ip address: What is the most accurate way to retrieve a user's correct IP address in PHP?

于 2013-06-27T09:22:14.193 回答
0

为什么不设置cookie?您设置了 24 小时到期时间。我知道那不是 100% 安全的,但我可以轻松地重新连接到互联网以更改我的 ip,因此 ip 检查也是“不安全的”。

if $_COOKIE["alreadyVoted"] throw new Exception(...)

http://php.net/manual/en/features.cookies.php

http://www.php.net/manual/en/function.setcookie.php

希望这可以帮助。

于 2013-06-27T09:03:39.823 回答