Question

What I want to do is give every user 1 point every minute. I have the PHP code in addpoints.php, and I have tried this myself with jQuery/JavaScript:

function addpoints()  { 
  var userid = document.getElementById('user_id_points');
  var postFile = 'addpoints.php?userid='+ userid.value;
  $.post(postFile, function(data){  
    $("#points").html(data); 
    setTimeout(addpoints, 60000);
  });
}    

This works pretty well and gives a point every minute, BUT one issue is that if you just refresh the page the script is on, you receive a point. So you could just refresh the page a few times and raise your points.

I was thinking of maybe adding an if() in addpoints.php that checks whether the last datestamp is more than 1 minute old, and then gives out a point, else an error.

I was just wondering if there is any better idea to prevent this little issue?

Solution

Storing the date+time (using a timestamp, for instance) of the last time the score was incremented, next to that score (be it in $_SESSION or in the database), would indeed be a solution:

  • when a request to increment the score arrives, check the timestamp
    • if it's more than 60 seconds ago, then increment the score, and update the timestamp
    • else, update neither the score nor the timestamp

OTHER TIPS

Based on the response of @Pascal MARTIN (if the solution works well, choose @Pascal MARTIN's response):

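function addpoints() {
  var userid = document.getElementById('user_id_points');
  var postFile = 'addpoints.php?userid=' + userid.value;
  // 'json' makes jQuery parse the response, so data.html and data.ts exist
  $.post(postFile, function(data) {
    $("#points").html(data.html);
    // data.ts is used as the setTimeout delay (milliseconds)
    setTimeout(addpoints, data.ts);
  }, 'json');
}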

Only get the timestamp in "addpoints_get_ts":

(function() {
  var userid = document.getElementById('user_id_points');
  var postFile = 'addpoints_get_ts.php?userid=' + userid.value;
  // On page load, only ask for the delay; no point is added by this request
  $.get(postFile, function(data) {
    setTimeout(addpoints, data.ts);
  }, 'json');
})();

I'd suggest adding a column `last` to your MySQL table. This way, you can make sure they won't cheat.

mysql_query('UPDATE `users` SET `points` = `points`+1, `last`='.time().' WHERE `last` < '.(time()-60).' AND `user_id` = '.intval($_GET['userid']).' LIMIT 1');

Additionally, you can use SESSION variables to make sure the right user calls the script, or even make sure the user is logged in. ;)
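
As an added example (not part of the original answers), here is the timestamp check from the accepted solution and the conditional UPDATE above, written with PDO prepared statements. The helper name awardPoint(), the $_SESSION['user_id'] key and the in-memory SQLite table standing in for the MySQL users table are assumptions.

```php
<?php
// Added example, not code from the original answers. Assumptions: awardPoint()
// is a hypothetical helper; an in-memory SQLite table stands in for the MySQL
// `users` table; the timestamps below are constructed.

function awardPoint(PDO $db, int $userId, int $now, int $cooldown = 60): bool
{
    // Check and write in ONE statement: the row only matches if the cooldown
    // has elapsed, so parallel requests (rapid refreshes) cannot both pass.
    // "<=" accepts a request that arrives exactly $cooldown seconds later.
    $stmt = $db->prepare(
        'UPDATE users SET points = points + 1, `last` = :now
          WHERE user_id = :id AND `last` <= :cutoff'
    );
    $stmt->execute([':now' => $now, ':id' => $userId, ':cutoff' => $now - $cooldown]);
    return $stmt->rowCount() === 1;   // 1 = point awarded, 0 = still cooling down
}

// In addpoints.php the caller would be (session key name is an assumption):
//   session_start();
//   if (!isset($_SESSION['user_id'])) { http_response_code(403); exit; }
//   awardPoint($db, (int) $_SESSION['user_id'], time());
// The id comes from the server-side session instead of $_GET['userid'], and
// the clock is the server's time(), not a value sent by the browser.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    user_id INTEGER PRIMARY KEY,
    points  INTEGER NOT NULL DEFAULT 0,
    `last`  INTEGER NOT NULL DEFAULT 0)');
$db->exec('INSERT INTO users (user_id) VALUES (42)');

// Constructed request times: page load, two quick refreshes, then timer ticks.
$t0 = 1700000000;
foreach ([0, 5, 30, 60, 61, 125] as $offset) {
    $ok = awardPoint($db, 42, $t0 + $offset);
    printf("t+%3ds: %s\n", $offset, $ok ? 'point awarded' : 'rejected (cooldown)');
}
$points = $db->query('SELECT points FROM users WHERE user_id = 42')->fetchColumn();
echo "points = $points\n";
```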

You should really only store the timestamp in the $_SESSION and not worry about what's in the database. Another nice thing you can do to prevent automated scripts is to enable some sort of authentication to access the page, preferably with a login and a strong captcha. Also make sure to secure against form spoofing and store multiple requests of the same IP and ban them. That will prevent someone from DoS'ing your server with multiple refreshes. You can use other things to determine if it's being automated, like IP, referrer checking, etc.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow