Hi,
I am busy building an application that requires one time voting and to get
around the user deleting a cookie that I set im keeping a hash on my side
which I then try match before allowing anything.
This is how I currently generate my hash:
/* Get vars */
$browser = $_SERVER['HTTP_USER_AGENT'];
$ip = $_SERVER['REMOTE_ADDR'];
$real_client_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
if(!empty($real_client_ip))
$name = gethostbyaddr($real_client_ip);
else
$name = gethostbyaddr($ip);
/* Return generated hash */
return md5($browser.$ip.$real_client_ip.$name);
Now thats not ideal because you can just change your user agent and vote
again - but IP isnt good enough either because in South Africa due to the
poor internet we all connect to international sites via a series of
Transparent proxies which makes everyone seem to come from one IP.
Anyone had to deal with this in the past and does anyone have any
suggestions/ideas as to how I could better this setup?
Many thanks in advance,
Ian
