How the PHP voting system brushes the ticket

Source: Internet
Author: User
Tags sql injection strlen ticket

In life, many people will encounter the need to vote. But often the place of vote is also weak, may not verify the source of the vote, will lead to brush the ticket, serious words will also lead to the site fall.

The following article is about how to brush the ticket, although not 100% can prevent, but also from the root causes to prevent a large number of rookie damage to the system.   I just turned around: Just made a brush ticket system, feeling a lot, just at the beginning is also encountered a lot of brush tickets. After the correction of time and again, basically put an end to the process of brushing the ticket. The following is a detailed list of the votes.
1. First a complex verification codeis very very important, just started with a very simple small authentication code, simply avoid the brush ticket program to crack. So on the internet to find a very complex verification code, even the artificial vote must be refreshed two.   There is a need to leave a mailbox, I will be the first time to send the past. 2. Because the voting is real name, fill in the ID number, so verification of the ID card number is also necessary。 First, the ID number must be 18 digits (a generation ID is now almost invisible), the first 17 digits must be numbers. The code now writes out a reference if (((Strlen ($SFZ))!=18 and (strlen ($SFZ))!=15) or (!is_numeric (substr ($SFZ, 0,strlen ($SFZ)-1))) "$sfz" Is the received ID number, which can be followed by a hint. In addition in Verify that the current ID card has been voted before the vote, or no counting. 3. If the mechanism for voting after registration is particularly formal, it should be registered registration information to Judge, you must add a validation code to limit the registration. 4. The security mechanism of the program is also important, if the use of object-oriented procedures, The counting function must be set to private.To prevent SQL injection! 5. Another is use cookies to limit time on the client, this way is to prevent a gentleman from the villain, professional brush ticket team will certainly first think of this point.   But the suggestion is added. 6. There is one more IP Restrictions, such as each IP only allowed to vote 100 votes (given that some companies use a large local area network, the public network IP is a use, otherwise it may appear unfair phenomenon). 7. The last and most important, The Verification Code input box is implemented with asynchronous communication。 The original page verification code is not displayed, click the Verification Code input box to display the verification code, and after the successful vote unset verification code session.   So you can avoid the vast majority of the brush ticket machine. This article probably provides some conventional ideas, the so-called prevention of human heart can not be, you can not ensure that each user input is safe. Finally say: Check the time to remember the white list, which is necessary.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.