Hey guys, I'm currently working on a site where people can accrue "points" by clicking on a button in rapid succession. The button(which will actually be a graphic image), will just submit a basic PHP form that calculates the amount of points that person receives, and then sends them back to the page the first page to click the button again. What I need to know, is how can I keep people from automating it through bots, multiple page submissions, etc.

Anyone have any ideas?

Have you already coded the site?

Seeing as there is no limit to how much you allow them to click, in order to prevent them using something like iMacros, you could implement a captcha or some other form of verification.

Not for every click, but say one in 10. A simple captcha though, because people generally fucking hate them.

You said you were using PHP, so heres a captcha you can modify:


//captcha.php

<?php
session_start();
$text = rand(10000,99999);
$_SESSION["vercode"] = $text;
$height = 25;
$width = 65;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 0, 0, 0);
$white = imagecolorallocate($image_p, 255, 255, 255);
$font_size = 14;

imagestring($image_p, $font_size, 5, 5, $text, $white);
imagejpeg($image_p, null, 80);
?>




//Form

<form action="submit.php" method="post">
Comment: <textarea name="coment"></textarea><br>
Enter Code <img src="captcha.php"><input type="text" name="vercode" /><br>
<input type="submit" name="Submit" value="Submit" />
</form>



//Submit:

<?php
session_start();
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
echo '<strong>Incorrect verification code.</strong><br>';
} else {
// add form data processing code here
echo '<strong>Verification successful.</strong><br>';
};
?>

Yeah, I had a feeling I would have to do some kind of captcha. Thanks for the code though, it's much less of a pain than reCaptcha.

You could log IP and if the same IP comes up x times during a day, show a message that says they aren't allowed to vote.

Easily bypassed though.