Re: count clicks to count most important news

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01-01-2012 20:08, Ashley Sheridan wrote:
On Sun, 2012-01-01 at 11:49 -0500, Tedd Sperling wrote:

On Jan 1, 2012, at 11:26 AM, muad shibani wrote:

I have a website that posts the most important news according to the number
of clicks to that news
the question is : what is the best  way to prevent multiple clicks from the
same visitor?

Not a fool-proof method, but use Javascript on the client-side to stop users' from continuous clicking.

Then create a token and verify the click on the server-side before considering the click as being acceptable.

Cheers,

tedd


_____________________
tedd@xxxxxxxxxxxx
http://sperling.com







There are still problems with this, GET data (which essentially only
what a clicked link would produce if you leave Javascript out the
equation - you can't rely on Javascript) shouldn't be used to trigger a
change on the server (in your case a counter increment)

I did something similar for a competition site a few years ago, and
stupidly didn't think about this at the time. Someone ended up gaming
the system by including an image with the clicked-through URL in the src
attribute, and put that on their MySpace profile page, which had more
than a few visitors. Each of those visitors browser attempted to grab
that "image" which registered a click, and because of the number of
unique visitors, the clicks were registered as genuine.

I'd recommend using POST data for this reason, as it's a lot more
difficult for people to game.

I agree, POST data is indeed the way to go here. Personally, I would use a "like" image-like thing which is actually a button, using some clever javascript (personally I would use jquery for this) you can then POST data to the server based on the click. Then set a cookie which disables the button (and keeps it disabled on future visits). This should prevent average person from repeatedly clicking it. You could also log the person's IP adress and filter based on that aswell; combining various methods would be best in this case I think.

To prevent the method which Ashley mentioned, using POST data isn't enough. You would want to guarantee that the link came from YOUR server instead of some different place. There are multiple ways to do this: - use a unique key as an argument in the POST which can only be "clicked" once. Register the key in a database before serving the page, and then unregister it once it has been served and clicked. Though if a person were to repeatedly open the page, your cache would be exhausted, and the method would become useless. - require a referrer address to come from your domain; also reasonably easily circumvented in this case - there are more, but it really depends on how much effort you want to put into preventing attacks and how much effort you expect others to put into attacking it. For example, large sites like youtube are sure to use extensive measures to prevent people from spam-clicking in any way. While sites that only cater to say 3 visitors a month don't require all that effort in the first place.

Hope that helps,
- Tul

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux