I'm hoping someone can give me a quick tip on this.

We're running a huge promotion on our site, and I have a fear it will be abused. Basically, when someone clicks on a specific icon/link, they get to see if they won a prize or not.. Here's what I'd like to do;

Be able to set a cookie (or something similar) so that they can only get to that page once. The thing I don't want to happen is they keep clicking the same link, in the hope of getting a better prize.

The result I'd like to see;
User clicks the link, and get's his notification of prize, or lack thereof. Then, if he refreshes the page, or clicks the link again, he is given a message "Sorry, you can only check one pot of gold".

Can someone give me any heads up, on how I would perform this?

Thanks,
Simon

will the users not just be able to clear the cookies and try again?

Can you maybe get them to enter their e-mail then you send them a number, they then enter that number into the site, which tells them if they win or not, that number is then deleted?

Not a quick fix but its definetly more secure in my mind,

will the users not just be able to clear the cookies and try again?
Possibly, but only if they know that's the method we're using.

I'd like to lock it down as much as possible, maybe on an IP basis. I'm not a coder unfortunately, so I'm looking for tips on how to approach this.

Thanks,
Simon

Just to add....

I have no idea if its possible or not, nor any idea how to do it?

(i have updated my first post)

Just to add....

I have no idea if its possible or not, nor any idea how to do it?

(i have updated my first post)I certainly like the idea, but I am guessing it would take a while to get the back end in place to make it automated.

We're pushing this in a lot of places, on a lot of advertising campaigns, so automation is key.

Thanks,
Simon

Ic, there may be a free script or something available but i cant really be sure im afraid :s

Ic, there may be a free script or something available but i cant really be sure im afraid :s
Thanks for the help though, much appreciated.

I'll keep hunting :)

Simon

No problem mate, sorry i couldnt help more.

A possible other option is to make them enter their address etc, and say they can only have one entry per address, but convince them that they wont get the prize unless its a real address that they own etc.

I could be wrong, but I don't think there's any definte way that you could be 100% certain that you're going to prevent them re-trying.

If you use cookies or sessions then they will be able to clear those quite easily.

Perhaps a better option might be to record their IP address into a database, then upon every hit to the page, check the database to see if their IP address is recorded. If it is, then display the 'sorry only one try' message, and if it isn't then record it and let them through to the page and record it into the database for future checks.

That method should be a bit better than the cookies approach, but still isn't fool proof as it's possible that those that are assigned a dynamic IP address will have a different IP on each visit to your site (if they disconnect and reconnect their ISP may assign them a new IP address - though these would likely be in a range so you could more easily spot abuse and perhaps with a bit of logic in the script to spot multiple hits in the same IP ranges you could prevent that to some extent). You could still have people accessing multiple times through proxies or anonymisers though so that could also be an issue (perhaps a ban list for well know proxy servers or something).

Perhaps using that approach in combination with a cookie might at least put all but the most determined people off though. I couldn't say for sure so you would need to make that judgement yourself. There may be something I'm missing, or there may be a better way of doing this that I'm not aware of.

My guess is that there's an online script or system already out there somewhere that you should be able to buy our use use (though I can't recommend one personally as I haven't needed to do this yet myself).

Good luck with your promotion anyway :)

I'm absolutely lost with this one.

I've looked around for the past hour+ and have not found anything; maybe I'm checking the wrong keywords, who knows.

This intrigues me;



Perhaps a better option might be to record their IP address into a database, then upon every hit to the page, check the database to see if their IP address is recorded. If it is, then display the 'sorry only one try' message, and if it isn't then record it and let them through to the page and record it into the database for future checks.

Any type of script, or person who could do that, and could have it ready tonight, that anyone knows of?

I guess I'm seeing the downside right now, to outsourcing absolutely everything related to coding and design :(

Simon

You could try a combination of IP checking, and confirmation key. Though IP checking can be moot since a good majority of the internet is still on dialup.

You could try a combination of IP checking, and confirmation key. Though IP checking can be moot since a good majority of the internet is still on dialup.
Yes, I do like this idea. However, I am looking more for how to actually implement it, as opposed to what we'll be checking.

Thanks,
Simon

There really isn't an easy answer.....

Cookies are to easy to clear, and to easy for a person just to try another computer. With IP's, either the person is on dialup and gets a new one every connection, or you end up with a situation where there are multiple people behind a router but all sharing the same IP thereby blocking them out.

THe only solution I can think of is to require contact information before they click the link....

THe only solution I can think of is to require contact information before they click the link....

I think this is what it comes down to. As mentioned, the other methods have some serious holes.

Simon, just use your survey script and create a question with a text field to enter their name. And in order to claim their prize, they will need to verify their identity and location. And then after they verify their identity, you can also match up the recorded IP to see if it matches with their part of the world.

Vito