How can I track IPv4 IP Adresses to prevent multivoting?

问题: I'm creating a website and I'm trying to implement a feature to prevent multivoting. The way I have it implemented at the moment seems to work to an extent, but it seems us...

问题:

I'm creating a website and I'm trying to implement a feature to prevent multivoting. The way I have it implemented at the moment seems to work to an extent, but it seems user IPv6 IP Addresses change every day allowing another vote on another day per user.

Here's how I'm currently logging IPs

This is how I'm grabbing the user IP in PHP.

$user_ip = getenv('HTTP_CLIENT_IP')?:
getenv('HTTP_X_FORWARDED_FOR')?:
getenv('HTTP_X_FORWARDED')?:
getenv('HTTP_FORWARDED_FOR')?:
getenv('HTTP_FORWARDED')?:
getenv('REMOTE_ADDR');

And here is how I'm logging each vote in the database

$check_if_vote = mysqli_query($con, "SELECT * FROM voting_log WHERE voter_ip = '".$user_ip."' AND voted_user = '".$search."'");

if(mysqli_num_rows($check_if_voted) <= 0) {
    mysqli_query($con, "INSERT INTO voting_log (voter_ip, voted_user, votetype) VALUES ('".$user_ip."', '".$search."', 0);");
} else {
   echo "You have already voted for this user";
}

Is there a way to track IPv4 IP's only as these don't seem to ever change. Thanks in advanced.


回答1:

If you feel comfortable to add a bit of javascript into the mix, consider adding some code to the frontend of your site that fingerprints the client. Send it along with the request and if you are dealing with an IPv6, rely on the fingerprint instead.

This question has multiple great answers that go into detail on how to achieve this.

It's still not fool proof, but the chances of running into a user that has both an IPv6 and is savy enough to circumvent your chosen approach of unique identification on the client-side might be low enough to be acceptable in your case.

  • 发表于 2019-02-23 23:20
  • 阅读 ( 202 )
  • 分类:sof

条评论

请先 登录 后评论
不写代码的码农
小编

篇文章

作家榜 »

  1. 小编 文章
返回顶部
部分文章转自于网络,若有侵权请联系我们删除