Solved

check referring page

Posted on 2011-09-06
Last Modified: 2013-12-25
I have a sweepstakes landing page with a quiz. To enter the sweepstakes users must complete the quiz and at the end there is a link to an entry form (which takes them to the form page).  They can only enter once per day. On the form, if they choose, they can click "remember me" so the form fields will auto-populate on future visits (cookies). How can I...

1. On future visits, make sure they do not bypass the quiz by going directly to the form page (bookmarking it, etc).

2. limit them to only one entry per day (check the db and if there is already an entry with their email dated today - give them a "sorry" message)

P.S. I do not want to use login for this. Not sure if this matters, but the quiz is in both a Flash (for web) version and a JavaScript (for mobile) version.

Also, I am only a lightweight programmer so prefer the simplest solution. This site uses PHP and MySQL.

Thank you.
Question by:web5dev7
LVL 82

Expert Comment

by:leakim971
ID: 36492476
You need to manage the user session; check this good article: http://www.sitepoint.com/users-php-sessions-mysql/
 
LVL 111

Accepted Solution

by:Ray Paseur
Ray Paseur earned 750 total points
ID: 36493067
If this has any economic value to you, consider hiring a heavy-weight professional programmer.  The potential for catastrophic error is arbitrarily large.

That said, you might want to employ "flash cookies" since most casually knowledgeable hackers will defeat conventional cookies in a matter of moments.
http://en.wikipedia.org/wiki/Local_Shared_Object
http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/

You can add a level of security to your cookies with something like the code snippet.  
<?php // RAY_cookie_safety.php
error_reporting(E_ALL);


// DEMONSTRATE HOW TO ENCODE INFORMATION IN A COOKIE
// TO REDUCE THE RISK OF COOKIE TAMPERING


// A DATA DELIMITER
$dlm = '|';

// YOUR OWN SECRET CODE
$secret_code = 'MY SECRET';

// A DATA STRING THAT WE WANT TO STORE (MIGHT BE A DB KEY)
$cookie_value = 'MARY HAD A LITTLE LAMB';

// ENCODE THE DATA STRING TOGETHER WITH OUR SECRET
$cookie_code = md5($cookie_value . $secret_code);

// CONSTRUCT THE COOKIE STRING WITH THE CLEAR TEXT AND THE CODED STRING
$safe_cookie_value = $cookie_value . $dlm . $cookie_code;

// SET THE COOKIE LIKE "MARY HAD A LITTLE LAMB|cf783c37f18d007d23483b11759ec181"
setcookie('safe_cookie', $safe_cookie_value);



// WHEN STORED, THE COOKIE WILL BE URL-ENCODED SO IT WILL LOOK SOMETHING LIKE THIS ON THE BROWSER
// MARY+HAD+A+LITTLE+LAMB%7Ccf783c37f18d007d23483b11759ec181
// IT WILL BE URL-DECODED BEFORE IT IS PRESENTED TO PHP



// HOW TO TEST THE COOKIE
if (isset($_COOKIE["safe_cookie"]))
{
    // BREAK THE COOKIE VALUE APART AT THE DELIMITER
    $array = explode($dlm, $_COOKIE["safe_cookie"]);

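    // ENCODE THE DATA STRING TOGETHER WITH OUR SECRET
    $cookie_test = md5($array[0] . $secret_code);

    // IF THE MD5 CODES DO NOT MATCH, THE COOKIE IS NO LONGER INTACT
    // A COOKIE WITH NO DELIMITER IS CORRUPT; hash_equals() AVOIDS THE TYPE JUGGLING OF ==
    if (isset($array[1]) && hash_equals($cookie_test, $array[1]))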
    {
        echo "<br/>THE COOKIE {$_COOKIE["safe_cookie"]} IS INTACT";
    }
    else
    {
        echo "<br/>THE COOKIE {$_COOKIE["safe_cookie"]} IS CORRUPT";
    }
}
else
{
    die('COOKIE IS SET - REFRESH THE BROWSER WINDOW NOW');
}




// MUNG THE COOKIE TO DEMONSTRATE WHAT HAPPENS WITH A CORRUPT COOKIE
$_COOKIE["safe_cookie"] = str_replace('MARY', 'FRED', $_COOKIE["safe_cookie"]);

// HOW TO TEST THE COOKIE
if (isset($_COOKIE["safe_cookie"]))
{
    // BREAK THE COOKIE VALUE APART AT THE DELIMITER
    $array = explode($dlm, $_COOKIE["safe_cookie"]);

    // ENCODE THE DATA STRING TOGETHER WITH OUR SECRET
    $cookie_test = md5($array[0] . $secret_code);

    // IF THE MD5 CODES DO NOT MATCH, THE COOKIE IS NO LONGER INTACT
    // A COOKIE WITH NO DELIMITER IS CORRUPT; hash_equals() AVOIDS THE TYPE JUGGLING OF ==
    if (isset($array[1]) && hash_equals($cookie_test, $array[1]))
    {
        echo "<br/>THE COOKIE {$_COOKIE["safe_cookie"]} IS INTACT";
    }
    else
    {
        echo "<br/>THE COOKIE {$_COOKIE["safe_cookie"]} IS CORRUPT";
    }
}

If you are running a sweepstakes, make sure your application is legal in all countries that you serve.  The criminal penalties for violating gambling rules are severe and most of the penalties involve handcuffs and prison.  Not something to trifle with, I assure you.

Good luck with your project, ~Ray
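
The tamper check from the answer above, reworked as an added example that is not part of the original post: it swaps `md5($value . $secret)` for HMAC-SHA256 and binds an expiry time into the signed data, so an old cookie cannot be replayed indefinitely. The function names, the sample key and the `mac|expires|value` layout are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. sign_cookie_value() and
// verify_cookie_value() are hypothetical helpers; the key is a constructed sample.

function sign_cookie_value(string $value, int $expires, string $key): string
{
    // The MAC covers the expiry as well as the value, so neither can be edited.
    $data = $expires . '|' . $value;
    return hash_hmac('sha256', $data, $key) . '|' . $data;
}

function verify_cookie_value(string $cookie, int $now, string $key): ?string
{
    // Limit of 3: the stored value itself may contain the "|" delimiter.
    $parts = explode('|', $cookie, 3);
    if (count($parts) !== 3) {
        return null;                          // malformed cookie
    }
    [$mac, $expires, $value] = $parts;

    $expected = hash_hmac('sha256', $expires . '|' . $value, $key);
    if (!hash_equals($expected, $mac)) {      // constant-time, no type juggling
        return null;                          // edited, or signed with another key
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null;                          // authentic but expired
    }
    return $value;
}

// Constructed sample run with a fixed clock so the result is repeatable.
$key    = 'constructed-sample-key-use-random-bytes-in-production';
$now    = 1315300000;
$cookie = sign_cookie_value('MARY HAD A LITTLE LAMB', $now + 3600, $key);

$cases = [
    'as issued'         => verify_cookie_value($cookie, $now, $key),
    'value edited'      => verify_cookie_value(str_replace('MARY', 'FRED', $cookie), $now, $key),
    'after expiry'      => verify_cookie_value($cookie, $now + 7200, $key),
    'missing delimiter' => verify_cookie_value('no-delimiter-here', $now, $key),
];
foreach ($cases as $label => $result) {
    echo $label, ': ', $result === null ? 'REJECTED' : 'ACCEPTED (' . $result . ')', PHP_EOL;
}
```

On a live page the result of `sign_cookie_value()` would be passed to `setcookie()` and `$now` would come from `time()`.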
 

Author Comment

by:web5dev7
ID: 36497813
Thanks for your help so far.

Ray, I hear what you're saying about hiring a pro and I tend to agree.

However, in an effort to keep it simple and a desire to learn - what about using .htaccess to accomplish item#1 - as described in this article:
http://www.w3.org/TR/WCAG20-TECHS/SVR2.html

Your thoughts?
 
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 750 total points
ID: 36498123
Yes, I think you can do that.  I have never used it but it seems acceptable.  You can also use PHP authentication of some sort.  Even if you do not require clients to register and login, you can cookie the browser.  E-Commerce sites do this all the time so they can create a shopping cart for you even though they do not yet know who you are.  You can also check $_SERVER["HTTP_REFERER"] to see if the client came from your web site to the deep link.
 

Author Comment

by:web5dev7
ID: 36500201
The htaccess is not working - how about this....

Normally I use ColdFusion for this stuff and a "gateway" page to restrict access to the entry form. So maybe a translation to PHP would work. Do you know how I could write the following in PHP:

Code on the interim page:

<body onLoad="javascript:document.Form1.submit();">

<form action="submit.cfm" method="post" name="Form1">
<cfoutput>
<input type="hidden" name="fromquiz" value="Y">
</cfoutput>
</form>

Code on the form page:

<cfif IsDefined("form.fromquiz") is "False">
<cflocation url="error.cfm?err=badpath">
</cfif>

Then for restricting form entries to once per day per user (email):
<cfquery name="oneaday" datasource="mydb">select email from QUIZ_TABLE where email = '#trim(form.email)#' and submitdate = '#form.submitdate#' and form_action = 'quizentry'</cfquery>
<cfif oneaday.recordcount NEQ 0><cflocation url="error.cfm?err=dup-game"></cfif>

thanks
 
LVL 82

Assisted Solution

by:leakim971
leakim971 earned 750 total points
ID: 36500328
Code on the interim page:

<body onLoad="javascript:document.Form1.submit();">

<form action="submit.php" method="post" name="Form1">
<?PHP
     echo '<input type="hidden" name="fromquiz" value="Y">';
?>
</form>

Code on the form page:
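<?PHP
     // visitors who did not arrive through the interim page go to the error page
     if( !isset( $_REQUEST["fromquiz"] ) ){
         header('Location: error.php?err=badpath');
         exit; // stop here, otherwise the rest of the form page still runs
     }
?>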

Then for restricting form entries to once per day per user (email):

<?PHP

// the request field is named "submitdate" (no $ inside the quotes)
if( isset($_REQUEST["email"]) && isset($_REQUEST["submitdate"]) ) {

$link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
if (!$link) {
    die('Could not connect: ' . mysql_error());
}

// make foo the current db
$db_selected = mysql_select_db('foo', $link);
if (!$db_selected) {
    die ('Can\'t use foo : ' . mysql_error());
}

// look for an entry with the same email and date
$result = mysql_query('select email from QUIZ_TABLE where email = \'' . trim (mysql_real_escape_string ($_REQUEST["email"])) . '\' and submitdate = \'' . trim (mysql_real_escape_string ($_REQUEST["submitdate"])) . '\' and form_action = \'quizentry\'');
if (!$result) {
    die('Invalid query: ' . mysql_error());
}

// an existing row means this email has already entered on that date
if( mysql_num_rows($result) != 0 ) {
    header('Location: error.php?err=dup-game');
    exit; // stop here so the duplicate entry is not processed
}


}
?>
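
The once-per-day rule from the answer above, as an added example that is not part of the original thread: it uses PDO prepared statements (the `mysql_*` extension was removed in PHP 7), takes the date from the server rather than from a posted `submitdate` field, and lets a unique index reject the duplicate so that check and insert cannot race. In-memory SQLite stands in for MySQL and `record_entry()` is a hypothetical helper; the table and column names follow the thread.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for the
// site's MySQL database so this runs offline; record_entry() is hypothetical.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE QUIZ_TABLE (
    email       VARCHAR(254) NOT NULL,
    submitdate  DATE         NOT NULL,
    form_action VARCHAR(32)  NOT NULL,
    UNIQUE (email, submitdate, form_action)
)');

function record_entry(PDO $pdo, string $email, string $today): string
{
    // Normalise first so "Mary@..." and "mary@..." count as the same entrant
    // (a choice made for this example).
    $email = strtolower(trim($email));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid';
    }
    $stmt = $pdo->prepare(
        'INSERT INTO QUIZ_TABLE (email, submitdate, form_action)
         VALUES (:email, :submitdate, :action)'
    );
    try {
        $stmt->execute([':email' => $email, ':submitdate' => $today, ':action' => 'quizentry']);
        return 'ok';
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation (the unique index).
        if ((string) $e->getCode() === '23000') {
            return 'duplicate';
        }
        throw $e;
    }
}

// Constructed sample run. On the live page $today would be date('Y-m-d').
foreach ([
    ['Mary@example.com ', '2011-09-06'],
    ['mary@example.com',  '2011-09-06'],
    ['mary@example.com',  '2011-09-07'],
    ['not-an-email',      '2011-09-07'],
] as [$email, $day]) {
    echo $day, ' ', trim($email), ' => ', record_entry($pdo, $email, $day), PHP_EOL;
}
```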
 

Author Comment

by:web5dev7
ID: 36500914
Leakim,

Regarding this part:
$link = mysql_connect('localhost', 'mysql_user', 'mysql_password');

Is that all it needs to connect? or do I also need to add a connection file (include) on the form page something like:
<?php require_once('connect.php');?>

and connect.php have something like:

<?php
# FileName="Connection_php_mysql.htm"
# Type="MYSQL"
# HTTP="true"
$hostname_connect = "localhost";
$database_connect = "mydbname";
$username_connect = "dbusername";
$password_connect = "mypassword";
$connect = mysql_connect($hostname_connect, $username_connect, $password_connect) or trigger_error(mysql_error(),E_USER_ERROR);
?>

Or is everything it needs already included in your code ?
 
LVL 82

Assisted Solution

by:leakim971
leakim971 earned 750 total points
ID: 36501593
>Is that all it needs to connect?

yes
 

Author Comment

by:web5dev7
ID: 36503755
ok, so I guess I need to replace "foo" with my actual db name and the actual user/pass in place of: mysql_user, mysql_password in your code:
$link = mysql_connect('localhost', 'mysql_user', 'mysql_password');

correct?
 

Author Closing Comment

by:web5dev7
ID: 36582179
partial solution