Discussion on How the PHP voting system prevents ticket refreshing

In life, many people will have to vote. However, the voting area is often weak. If the voting source is not verified, the vote will be refresh. Otherwise, the website will fall. The following article explains how to prevent ticket refresh. Although it cannot be prevented by 100%, It also eliminates the damage caused by a large number of cainiao to the system. I turned around directly: I just created a ticket flushing system and felt a lot of feelings. At the beginning, I also encountered a lot of votes. After correction again and again, the ticket flushing program was basically extinct.The following lists the ticket flushing details.:
1. First of all, a complicated verification code is very important. At the beginning, I used a very simple small verification code, which could not be used to crack the ticket flushing program. So I found a complicated verification code on the internet, and I had to refresh it twice for a human voting. If necessary, you can leave a mailbox, and I will send it in the first place. 2. Because all votes are in real-name format and the ID card number is entered, verification of the ID card number is also necessary. First, the ID card number must be 18 characters (the first generation of ID cards cannot be seen now), and the first 17 digits must be numbers. The Code now writes a reference if (strlen ($ sfz ))! = 18 and (strlen ($ sfz ))! = 15) or (! Is_numeric (substr ($ sfz, 0, strlen ($ sfz)-1) "$ sfz" is the ID number received. You can add a prompt method after this statement. In addition, verify whether the current ID card has been voted before the vote. Otherwise, the ticket is not counted. 3. If you can use the registration mechanism to vote after registration, you should also judge the registration information during registration, and you must add verification codes to restrict registration. 4. The security mechanism of the program is also very important. If you use an object-oriented program, you must set the ticket counting function to private to prevent SQL injection! 5. In addition, the cookie method is used to restrict the time on the client. This method is used to prevent the gentleman from defending against the villain. The professional ticket swiping team will definitely think of this first. However, it is recommended that you add. 6. there is also an IP address restriction. For example, each IP Address can only vote for 100 votes. (considering that some companies use a large LAN, all public IP addresses are used. Otherwise, unfair conditions may occur ). 7. The last one is also the most important. The verification code input box is implemented through asynchronous communication. The initial verification code is not displayed on the webpage. Click the verification code input box to display the verification code. The SESSION of the unset Verification Code immediately after the vote is successful. In this way, the vast majority of ticket buyers can be avoided. This article provides some general ideas. The so-called "self-protection" is inevitable. You cannot ensure that every user input is safe. Finally, it is necessary to remember the whitelist during the check.