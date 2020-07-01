Prevent user from voting twice with cookie

#1

Hi there, im hoping someone can help me with this. What i’m trying to do is prevent users from voting twice with cookies, ive tried to set several myself but none of them have worked. Any help would be amazing. Thanks.


 <?php
include 'functions.php';
// Connect to MySQL
$pdo = pdo_connect_mysql();



// If the GET request "id" exists (poll id)...
if (isset($_GET['id'])) {
    // MySQL query that selects the poll records by the GET request "id"
    $stmt = $pdo->prepare('SELECT * FROM polls WHERE id = ?');
    $stmt->execute([$_GET['id']]);

    // Fetch the record
    $poll = $stmt->fetch(PDO::FETCH_ASSOC);
    // Check if the poll record exists with the id specified
    if ($poll) {
        // MySQL query that selects all the poll answers
        $stmt = $pdo->prepare('SELECT * FROM poll_answers WHERE poll_id = ?');
        $stmt->execute([$_GET['id']]);
        // Fetch all the poll anwsers
        $poll_answers = $stmt->fetchAll(PDO::FETCH_ASSOC);
        // If the user clicked the "Vote" button...
        if (isset($_POST['poll_answer'])) {
            // Update and increase the vote for the answer the user voted for
            $stmt = $pdo->prepare('UPDATE poll_answers SET votes = votes  +1  WHERE id = ?');
            $stmt->execute([$_POST['poll_answer']]);

           
            // Redirect user to the result page
            header ('Location: result.php?id=' . $_GET['id']);
            exit;
        }
    } else {
        die ('Poll with that ID does not exist.');
    }
} else {
    die ('No poll ID specified.');
}


?>

<?=template_header('Poll Vote')?>

<div class="content poll-vote">
    <h2><?=$poll['title']?></h2>
    <p><?=$poll['des']?></p>
    <form action="vote.php?id=<?=$_GET['id']?>" onSubmit="disable()"  method="post">
        <?php for ($i = 0; $i < count($poll_answers); $i++): ?>
        <label>
            <input type="radio" name="poll_answer" value="<?=$poll_answers[$i]['id']?>"<?=$i == 0 ? ' checked' : ''?>>
            <?=$poll_answers[$i]['title']?>
        </label>
        <?php endfor; ?>
        <div>
            <input type="submit" name="submit" value="Vote">
            <a href="result.php?id=<?=$poll['id']?>">View Result</a>
        </div>
    </form>
</div>

<?=template_footer()?>
#2

I don’t see any of the cookie code in there. Maybe best to show the code you’ve tried.

Do you want to block / allow the poll in its entirety, or on a per-answer basis? That is, could the user answer five out of ten poll questions, then come back later and answer the other five, or is it all or nothing?

On a quick scan, I can’t see where the user is identified, or are you not concerned with that? What happens if the user clears their cookies, is it OK then for them to vote again?

#3

Hi there, this is the code i have tried to make it work with. it did set but im not exactly sure how to make it so the user only votes once, and to asnwer your question. its an all or nothing thing. just one vote then you’re done. Also no, it does not bother me if they refresh their cookies, they can revote again if they do that. This has no real use case. Thankyou.

$cookie_name = “id”;
$cookie_value =“id”;
setcookie($cookie_name, $cookie_value time() + (86400 * 30), “/”); // 86400 = 1 day
?>

> <?php
> if(!isset($_COOKIE[$id])) {
>   echo "Cookie named '" . $id . "' is not set!";
> } else {
>   echo "Cookie '" . $cookie_name . "' is set!<br>";
>   echo "Value is: " . $_COOKIE[$id];
> }
#4

Those aren’t the same, though - you set a cookie with the name “id”, but you check for the cookie $id, i.e. your poll ID.

Presuming that’s a typo and you are checking the same as you are setting, all you need do is expand your check code so that if the cookie is set, you don’t display the poll, and if it is not, you do. Once you successfully submit the poll, then you set the cookie for that poll id.

if (submitting the form) { 
  store the poll results
  set the cookie 
  display a thank-you, or the next poll, or whatever
  }
else {
  if (cookie is set) { 
    don't display the poll
  } 
  else {
    display the poll
    }
}
#5

Hi there, Could you tell me what i need to replace? do i need to change the name “id”? im very new to cookies so its a little confusing. also i need to add this code after my original code? Thank you again.

if (submitting the form) {
store the poll results
set the cookie
display a thank-you, or the next poll, or whatever
}
else {
if (cookie is set) {
don’t display the poll
}
else {
display the poll
}
}