in reply to Dont allow multiple registrations or automated script problem

How about this? (Not tested.)

$sth = $dbh->prepare("SELECT COUNT(*) FROM users WHERE host=? AND date
+>DATE_SUB(NOW(), INTERVAL 5 MINUTE)");
$sth->execute($host);
$row = $sth->fetchrow_arrayref
    or die "some kinda error";

if ($row->[0]) {
    # there's already a user in the database which was
    # registered from this IP, less than five minutes ago.
    # fail in some way.
}

[download]

Replies are listed 'Best First'.
Re^2: Dont allow multiple registrations or automated script problem
by Nik (Initiate) on Oct 21, 2006 at 15:06 UTC
    Thank you that worked but i wonder also if i should let generally people to register from the same ip address that another user used to register in the past.
    What do you think?
[reply]

      I think you should. Consider a few scenarios:

      • My wife and I share a router, which shares an Internet connection. That means that while we are two unique users, we will appear to the outside world to have the same IP address.
      • Consider users of larger ISPs such as AOL, where often all users within a particular region will share the same IP address from the perspective of the outside world. If you allow only one registration per IP address, you'll block a lot of other people.
      • Consider dialup users, who get a different IP address every time they dial in to their ISP. That's a whole different problem. Here, the same person could register, hang up, dial in again, and re-register with his new IP. Oh, and guess what. The next time another user from that ISP dials in and gets an IP already used by the first registrant, he will be denied registration access! Two problems in one.

      Dave

[reply]
        Yes you are absoultety right in the first 2 cases and that made it clar to me that i should allow more regs per ip.
        But in the 3rd case scenario i cant avoid the fact than 1 user can register 1000 times as long as he chnages his dynamic ip addresses and pick random usernames while in the meantitme anoher poor user would be deined reg access.
        If i allow multiple regs per ip then there is no unfortunate user but also i cant avoid the fact of 1 user register a million times by spaming my register.pl

        Damn is there a workaround for that?
[reply]

In Section Seekers of Perl Wisdom