JS/php 每分钟添加
我想做的是每个用户每分钟获得1分。现在我在 addpoints.php 中有 php 代码,然后我尝试使用 jQuery javascript:
function addpoints() {
var userid = document.getElementById('user_id_points');
var postFile = 'addpoints.php?userid='+ userid.value;
$.post(postFile, function(data){
$("#points").html(data);
setTimeout(addpoints, 60000);
});
}
这工作得很好,每 1 分钟给出一个点。但是有一个问题是,如果您只是刷新脚本所在的页面开启,那么您将收到一个点..所以您可能只需刷新页面几次,然后提出您的点..
我想也许在 addpoints.php 中创建一个 if() 来检查最后一个日期戳是否更长超过 1 分钟,然后给出其他错误点。
我只是想知道是否有更好的想法/事情可以做,以防止这个小问题?
What i want to do is that every user gets 1 points every minute. Now i have the php code in the addpoints.php, and then i have tried myself with jQuery javascript:
function addpoints() {
var userid = document.getElementById('user_id_points');
var postFile = 'addpoints.php?userid='+ userid.value;
$.post(postFile, function(data){
$("#points").html(data);
setTimeout(addpoints, 60000);
});
}
This works pretty good, and gives a point every 1 minute.. BUT one issue is that if you just refresh the page where the script is on, then you will receive a point.. so you could likely just refresh the page some times and then you raise your points..
I was thinking of maybe in addpoints.php make a if() that checks for last datestamp is longer than 1 minute then give out point else error..
I was just wondering if there was any better idea/thing to make, to prevent the little issue?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
将上次分数递增的日期+时间(例如使用时间戳)存储在该分数旁边(可以在
$_SESSION
中或在数据库)确实是一个解决方案:Storing the date+time (using a timestamp for instance) of the last time the score was incremented, next to that score (be it in
$_SESSION
or in database) would indeed be a solution :基于@Pascal MARTIN的响应,如果解决方案很好,您选择@Pascal MARTIN'响应
仅在“addpoints_get_ts”中获取时间戳
based on the response of @Pascal MARTIN, if the solution is well, you choose @Pascal MARTIN ' response
only get Timestamp in "addpoints_get_ts"
我建议在 MYSQL 表中添加一列
last
。这样,您就可以确保他们不会作弊。此外,您可以使用 SESSION 变量来确保正确的用户调用脚本,甚至确保用户已登录。;)
I'd suggest to add a column
last
in your MYSQL table. This way, you can make sur they won't cheat.Additionally, you can use SESSION varaibles to make sure the right user calls the script, or even make sure the user is logged in. ;)
您实际上应该只将时间戳存储在 $_SESSIONS 中,而不用担心数据库中的内容。您可以做的另一件防止自动脚本的好事情是启用某种身份验证来访问页面,最好使用登录名和强大的验证码。还要确保防止表单欺骗并存储同一 IP 的多个请求并禁止它们。这将防止有人通过多次刷新对您的服务器进行 DOS 操作。您可以使用其他东西来确定它是否是自动化的,例如 IP、引荐来源检查等。
You should really only store the timestamp in the $_SESSIONS and not worry about what's in the database. Another nice thing you can do to prevent automated scripts is to enable some sort of authentication to access the page, preferably with a login and a strong captcha. Also make sure to secure against form spoofing and store multiple requests of the same IP and ban them. That will prevent someone from DOS'sing your server with multiple refreshes. You can use other things to determine if it's bieng automated, like IP, referrer checking, etc.