我正在开发一个允许用户对某些项目进行投票的 PHP 脚本。任何用户无论是否登录都可以投票。考虑以下情况:
如果是第一种情况,则无需记录 IP。现在,第二个案例让我发疯了,有点。我想知道用户可能会更改 IP,然后对同一项目再次投票。现在,即使我使用 Cookies 或 Session vars,也可能会发生用户正在启动新会话(或已删除 cookie)再次对同一项目进行投票的情况。
我错过了什么吗?如果没有,如何处理这种情况?有什么想法吗?
I would seriously consider use a Captcha, reCaptcha is a good choice.
You could restrict by IP address, but its possible for a number of people to share 1 ip address, such as a small school or business. Its also trivial to bypass because proxies are free and plentiful. Its also error prone because sometimes a load balancer will change the IP address during a session. If you really want to limit the number of vote per person your best bet is to require them to login to a user account and store the votes in your database.
首先,有几种方法可以使用 PHP 获取客户端的 IP 地址。以下是我知道的3种方法:
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ipAddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else if (isset($_SERVER['HTTP_CLIENT_IP'])) {
$ipAddress = $_SERVER['HTTP_CLIENT_IP'];
} else if (isset($_SERVER['REMOTE_ADDR'])) {
$ipAddress = $_SERVER['REMOTE_ADDR'];
}
其次,如果您担心易失性存储,例如 cookie 或会话,最好有一个存储这些值的数据库表。它可以是一个包含 3 列的简单表:client_ip、item_id 和 date_created。这将允许您跟踪是否使用特定的 IP 地址为某个项目投票。
现在,我看到的唯一问题是客户端是否在工作并且坐在代理后面。所以,我猜你有几个选择,每个都有自己的优点和缺点。
您可以尝试使用evercookie,它有点难以清除