What is the best way to create a cookie for a one-vote-per-user voting system?

2

Everything in this star rating system is working, but I just wanted to create a cookie so that the user votes only once every day. I tried several ways, but the cookie is not generated.

$(function(){
	var average = $('.ratingAverage').attr('data-average');
	function avaliacao(average){
		average = (Number(average)*20);
		$('.bg').css('width', 0);		
		$('.barra .bg').animate({width:average+'%'}, 500);
	}
	
	avaliacao(average);

	$('.star').on('mouseover', function(){
		var indexAtual = $('.star').index(this);
		for(var i=0; i<= indexAtual; i++){
			$('.star:eq('+i+')').addClass('full');
		}
	});
	$('.star').on('mouseout', function(){
		$('.star').removeClass('full');
	});

	$('.star').on('click', function(){
		var idArticle = $('.article').attr('data-id');
		var voto = $(this).attr('data-vote');
		$.post('votar.php', {votar: 'sim', artigo: idArticle, ponto: voto}, function(retorno){
			avaliacao(retorno.average);
			$('.votos span').html(retorno.votos);
		}, 'json');
	});
});
.barra{width:150px; height:30px; background:#ebebeb; position:relative;}
.stars{position:absolute; left:0; top:0; width:100%;}
.star{
	float:left; 
	width:30px; 
	height:30px;
	text-align:center; 
	position:relative; 
	cursor:pointer;
}
.star.full{background:linear-gradient(to bottom, #fee24f, #f4bb2f)}

.bg{float:left;height:30px; width:30%; background:linear-gradient(to bottom, #fee24f, #f4bb2f);}
.starAbsolute{
	position:absolute; 
	top:0; 
	left:0;
	width:100%; 
	height:100%; 
	background:url(../starpng.png) top left no-repeat; 
	background-size:cover;
}
<?php
	include_once "../Config.inc.php";
?>


<html lang="pt-BR">
<head>
	<meta charset=UTF-8>
	<title>pagina teste</title>
	<link href="<?= BASE; ?>/css/style.css" rel="stylesheet" type="text/css" />
                  <script  src="<?= BASE; ?>js/jquery-3.1.1.min.js"></script>
                  <script  src="<?= BASE; ?>/js/avaliations.js"></script>
</head>

	<body>
<?php
	$id_pro =1;
	// Bind the id through a placeholder instead of interpolating it; table names take backticks, not quotes
	$pegaArtigo = $pdo->prepare("SELECT * FROM `wc_app` WHERE id = ?");
	$pegaArtigo->execute(array($id_pro));
	while($artigo = $pegaArtigo->fetchObject()){
		$calculo = ($artigo->pontos == 0) ? 0 : round(($artigo->pontos/$artigo->votos), 1);
?>

<span class="ratingAverage" data-average="<?php echo $calculo;?>"></span>
<span class="article" data-id="<?php echo $id_pro;?>"></span>

<div class="barra">
	<span class="bg"></span>
	<span class="stars">
<?php for($i=1; $i<=5; $i++):?>


<span class="star" data-vote="<?php echo $i;?>">
	<span class="starAbsolute"></span>
</span>
<?php 
	endfor;
	echo '</span></div><p class="votos"><span>'.$artigo->votos.'</span> votos</p>';
}
?>
</body>
</html>

<?php
require 'environment.php';
global $config;
$config = array();
if(ENVIRONMENT == 'development') {
	$config['dbname'] = 'megaki';
	$config['host'] = 'localhost';
	$config['dbuser'] = 'system';
	$config['dbpass'] = 'system';
} else {
	$config['dbname'] = 'megakico_megaki';
	$config['host'] = 'localhost';
	$config['dbuser'] = 'megakico_system';
	$config['dbpass'] = 'system302573';
}

try {

$pdo = new PDO("mysql:dbname=".$config['dbname'].";host=".$config['host'], $config['dbuser'], $config['dbpass'], [PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"]);
}catch(PDOException $e){
	echo "conhexao ao banco de dados falhou".$e->getMessage();
}
    
asked by anonymous 06.03.2017 / 16:18

3 answers

3

First, you should understand all the options you have at your disposal.

Cookies

It is the simplest option to use. Your PHP script will set a cookie in the user's browser with the date of the vote, and each time the user visits the site again you check whether 24 hours (or whatever period you want) have passed.

Advantages

  • It is widely supported by all browsers, be they simpler or more advanced.
  • This is one of the simplest methods to implement because the data is on the client side and the server only needs to perform a check.

Disadvantages

  • The user can change browsers and vote again.
  • The user can clear browser cookies and vote again.
  • The user can edit the cookie value, easily breaking your logic.

Local Storage

This is an option for supported browsers. The data is stored on the client side, just as in the case of cookies.

Advantages

  • Requires server-side processing.

Disadvantages

  • Like cookies, it can be manipulated easily by the user.
  • The logic of voting will be on the client side, so the user can easily manipulate it to vote again.

IP Storage

You store the user's IP on the server and check each time if it has already reached the daily vote limit.

Advantages

  • The user cannot easily manipulate the data; even after changing the browser or clearing cookies, the rule remains the same.
  • There is no need to worry about supporting more browsers, since even if cookies are disabled, the rule continues to work.

Disadvantages

  • Higher infrastructure cost, since you will have to store the IP and the date of the user's last vote.
  • On a shared network, only one user will be able to vote, so people at LAN houses will not be able to vote.
  • If the user changes their IP, by restarting the modem for example, they can vote again.

Conclusions

No technology is perfect, and all will suffer in some way. My recommendation is that you use the IP storage technique because, although it ends up being the most expensive technique, it is the one that guarantees the highest security. Obviously the cookie technique is also welcome, as normal users usually use only 1 browser.

Finally, you can still opt for a combination of techniques by storing the IP on the server and sending a cookie to the client. This way you have a slightly higher guarantee that it is not being circumvented.

Note: I'm assuming that you want to ensure that anonymous users do not vote twice. If you want to check if a logged-in user has already voted twice, you can simply create one more field in the database that stores this information and get rid of all other problems.

    
06.03.2017 / 18:30
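One way to implement the combination this answer recommends (a server-side IP record plus a cookie), as an added example that is not part of the original answer: the cookie is HMAC-signed so an edited value is ignored, and a UNIQUE key enforces one vote per article, IP and calendar day. The `vote_log` table, `SECRET`, the `voted_1` cookie name and the sample IPs are assumptions.

```php
<?php
// Added example, not from the original posts. SECRET, vote_log and the sample IPs are constructed.
const SECRET = 'replace-with-random-server-side-key'; // assumption: loaded from config, never sent to the client

// Cookie value "articleId|day|hmac": editing any field invalidates the signature.
function signVoteCookie(int $articleId, string $day): string {
    $payload = $articleId . '|' . $day;
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET);
}

function cookieSaysVoted(?string $cookie, int $articleId, string $day): bool {
    $parts = explode('|', (string) $cookie);
    if (count($parts) !== 3) return false;
    $expected = hash_hmac('sha256', $parts[0] . '|' . $parts[1], SECRET);
    return hash_equals($expected, $parts[2])
        && (int) $parts[0] === $articleId && $parts[1] === $day;
}

// Returns true if the vote was counted, false if it was rejected.
function registerVote(PDO $pdo, int $articleId, int $points, string $ip, ?string $cookie, string $day): bool {
    if ($points < 1 || $points > 5) return false;          // never trust data-vote from the client
    if (cookieSaysVoted($cookie, $articleId, $day)) return false;
    $voter = hash_hmac('sha256', $ip, SECRET);             // store a keyed hash, not the raw IP
    $stmt = $pdo->prepare('INSERT INTO vote_log (article_id, voter, vote_day, points) VALUES (?, ?, ?, ?)');
    try {
        $stmt->execute([$articleId, $voter, $day, $points]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') return false; // UNIQUE hit: same IP, article and day
        throw $e;
    }
    return true;
}

// Constructed demo on an in-memory SQLite database (needs the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE vote_log (article_id INT, voter CHAR(64), vote_day CHAR(10), points INT,
            UNIQUE (article_id, voter, vote_day))');
$today = date('Y-m-d');
var_dump(registerVote($pdo, 1, 4, '203.0.113.7', null, $today));      // first vote from this IP
var_dump(registerVote($pdo, 1, 5, '203.0.113.7', null, $today));      // cookie cleared, same IP
$cookie = signVoteCookie(1, $today);  // votar.php would send it: setcookie('voted_1', $cookie, time() + 86400)
var_dump(registerVote($pdo, 1, 5, '198.51.100.9', $cookie, $today));  // IP changed, cookie kept
var_dump(registerVote($pdo, 1, 5, '203.0.113.7', "1|$today|forged", $today)); // edited cookie, same IP
```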
0
<?php

// Creates the 'usuario' cookie, which will last only 1 day
setcookie('usuario', '[email protected]', (time() + (1 * 24 * 3600)));


?>

Done. If the cookie exists, the user cannot vote; if it does not exist, the user can vote.

    
06.03.2017 / 16:23
0

I am not aware of any open voting system (for non-registered users) that watches over data reliability.

If this is the case, with only cookies or data in localStorage, both can be easily circumvented or modified, breaking the logic of the code.

In the case of registered users (and assuming the use of a session or a non-stateless state), the item to be voted on must have an entry in the database recording some identifier of the user who "voted", and whenever a vote is cast you should check that the user has not already performed that operation.

The first logic would be to send the ID of the bad user, since using JavaScript this can be circumvented by a malicious user countless times. To work around this, you can send a token created during login and checked before inserting.

    
06.03.2017 / 19:14