I have a voting system and everything works fine except some users trying to send rapid requests in order to get around the system and add more points .
if (isset($_COOKIE['vote_posneg_'.$id.''])){
die("already voted");
}else{
setcookie('vote_posneg_'.$id.'', 1, time()+7200); // set cookie that expires in 2 hour "time()+7200".
}
switch ($section){
case "comments":
if($mode == "pos"){
$sql= "UPDATE comments SET `positive`= positive+1 WHERE commentid='$id'";
$sql2= "SELECT `positive` FROM comments WHERE commentid='$id' LIMIT 1";
}else{
$sql= "UPDATE comments SET `negative`= negative+1 WHERE commentid='$id'";
$sql2= "SELECT `negative` FROM comments WHERE commentid='$id' LIMIT 1";
}
break;
}
list($cnumnow) = mysql_fetch_row(mysql_query($sql2)) or die(mysql_error());
die($cnumnow);
Therefore before setting new cookie after updating the DB table , user can send rapid Ajax requests and adds points more than once.
