Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
243 views
in Technique[技术] by (71.8m points)

Issue with Cookies (PHP)

I'm having a realing strange issue. Well, on my website i have a feedback and comment system, both use cookies to prevent people send a lot of comments (mass spam), blocking write a comment or feedback a post for example 30 seconds. If they disable cookies they can't comment or feedback. I use the system with a JQuery script using an process in PHP to don't refresh the page.

First problem - For some reason, on localhost (hosted in my house) it works fine, blocking people. But on host, if i upload the scripts (if i want to do an update, for example), it stops work, i can comment as much as i want, it will not block. But it's just on my computer (as i tested, on my brother's notebook and at my work works fine) I also tested on IE, Firefox and Chrome. But after some days (random, 1-4) it starts to work fine. But if i update the script (even don't changing THAT script), backs the issue.

Second problem - On vote (feedback) and comment system, if the 'block system' works fine, it will block the user for 30 seconds. But, when i submit the comment, clicking very fast at the first second, it will submit twice. Like, do 2/3 (sometimes 4) times the same comment. But if i try to comment again before the 30 seconds, it will block. How can i prevent people do duplicates submits?

Here is some codes to you, it should help.

comments.php

if (isset($_COOKIE["AbleCookie"])) //prevent disabled cookies
{
    if (!isset($_COOKIE["time"])) //verify if the cookie time (to block comment) has been set
    {
        if (strlen($Comentario) != 0)
        {
            if (strlen($Comentario <= 500))
            {
              ob_start(); //need this?
              setcookie("time", "anyvalue", time()+$Segundos);
              ob_end_flush();

                if (isset($Usuario))
                {
                    $acharUsuario = "select query";
                    $resultado = mysql_query($acharUsuario, $conexao) or die (mysql_error());
                    $ExisteUsuario = mysql_num_rows($resultado);

                    if ($ExisteUsuario != 0)
                    {
                        $UsuarioID = mysql_result($resultado, 0, 'id_usuario');

                        $InserirComentario = "insert query";
                        mysql_query($InserirComentario, $conexao) or die (mysql_error());

                        $Mensagem = "Correct";
                    }
                }
                else
                {
                    $InserirComentario = "insert query";
                    mysql_query($InserirComentario, $conexao) or die (mysql_error());

                    $Mensagem = "Correct";
                }
            }
            else
              $Mensagem = "<h3>Your comment must has less than 500 characters.</h3>";
        }
        else
          $Mensagem = "<h3>To comment something, you have to write something, right?</h3>";
    }
    else
      $Mensagem = "<h3>You just can do another comment after $Segundos seconds!</h3>";
}
else
  $Mensagem = "Something went wrong! Please, take a look on our <a href='../faq'><b>FAQ</b></a>!";

echo $Mensagem;
$Mensagem = "";

not-refresh.js

function InserirComentario(){
var uname = $('#PostComentario').val();
var postid = $('#CommentPostID').val();
var dataString = 'post_comentario='+ uname + '&comment_postid='+ postid;

    $.ajax({
        type: "POST",
        url: "sucess/comments.php",
        data: dataString,
        cache: false,
        success: function(result){
                    if (result=='Correct')
                {
                  document.getElementById("PostComentario").value = "";
                }
                    else
                {
                  $("#ComentariosFullPost").html(result);}
                },
        error: function(xhr, ajaxOptions, thrownError){
          alert("Error Status: " + xhr.status + " Thrown Errors: "+thrownError);
        }
    });}

Thanks in advanced.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

First off, don't use cookies to prevent a user state. They can be altered or in this case completely removed thus circumventing the applications ability to prevent input.

Switch it over to a quick PDO look-up to find out when the user posted - add a new column if you need to with the posts IP address and username - and validate against that.

Or use a JavaScript query to do a 30 second countdown to prevent the initial request and then the DB to prevent double clicking the button.

Do your best to stay away from cookies though unless you have too, they're too easy to manipulate and at a later date; get stolen.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...