SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Enthusiast
    Join Date
    Dec 2003
    Location
    Bishkek
    Posts
    74
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    How to identify user

    I have some web service where each user can post only 5 messages per day. I made already the mechanism but how to identify users?
    Using IP is bad for proxy users
    Cookies are deletable %) I can post 5 messages than delete cookie and post another 5 and so so so...
    What to do? How to identify users?

  2. #2
    SitePoint Guru
    Join Date
    Dec 2003
    Location
    oz
    Posts
    819
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    as far as I know you can only do it if you only allow msg posts by logged in users.

  3. #3
    SitePoint Addict
    Join Date
    Mar 2002
    Location
    Michigan
    Posts
    260
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    MySQL = user database
    User tracking = sessions
    Handling Code = PHP


    It's that simple!!

    For a login, use SQL syntax similar to:
    PHP Code:
    $query mysql_query("SELECT * FROM users WHERE username = '$_POST[username]' AND password = '$_POST[password]'",$db); 
    You'll have to define some messages for logging in, wrong password or user does not exist. Then turn their login info into a session.

    PHP Code:
    $_SESSION['user'] = $row['username'];
     
    $user $_SESSION['user']; 
    Then $user would be your variable to refering to the username. Add more information to the database, then anytime whole browsing a page you can call to that information like:

    PHP Code:
    $query mysql_query("SELECT firstname, lastname FROM users WHERE username = '$user'",$db); 
    It's quite easy! Just make a file to include as a security file that needs to be included in every protected page. It would be a file looking like this:

    PHP Code:
    if(!isset($user)) {
       
    header("Location: accessdenied.php");
    } else {
       
    header("Location: logged.php");

    That's truly a simple example. Here's a great article and script right from SitePoint!

    http://www.sitepoint.com/article/319

  4. #4
    Wanna-be Apple nut silver trophy M. Johansson's Avatar
    Join Date
    Sep 2000
    Location
    Halmstad, Sweden
    Posts
    7,400
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    You need a user authentication system for this, preferably with email validation on each account. It's basically the most effective solution at the moment.

    Unfortunatly, that is still lacking - a person can still register for extra accounts with a little effort. This is a lacking of the Internet infrastructure, and not something that is circumventable in any simple manner.
    Mattias Johansson
    Short, Swedish, Web Developer

    Buttons and Dog Tags with your custom design:
    FatStatement.com

  5. #5
    ********* Wizard silver trophy Cam's Avatar
    Join Date
    Aug 2002
    Location
    Burpengary, Australia
    Posts
    4,495
    Mentioned
    0 Post(s)
    Tagged
    1 Thread(s)
    A method that would work might be to set a cookieand store the users IP, browser/OS, contents of their HTTP_ACCEPT header along with perhaps a few other things you can get from them in a database. Then pull the info and make it so like if 3 or 4 of the criteria match then it is the same user, else it's a different user. That way they can delete the cookie and if the other info matches it'll still identify that they're a repeat visitor. Same for people behind routers although can't you find out their IP from
    PHP Code:
    echo( $_SERVER['HTTP_X_FORWARDED_FOR'] ); 
    ..or something similar to that?

  6. #6
    SitePoint Enthusiast MadDog31's Avatar
    Join Date
    Nov 2003
    Location
    Wilmington, NC
    Posts
    88
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I know this seems basic and still allows to be circumvented, but make sure you only allow unique e-mail addresses for sign-ups, also noting that you'd have to do some sort of e-mail authentication for a link for them to follow to complete registration, etc.

    Ian
    "It's way better to have 100 idiot clients than to have one idiot boss."


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •