Hello all,
I coded a little counter (an internal i-like).
To prevent users form liking 100 times in a row, I check with the Session Class of Silverstripe if that page was already liked:

public function countUp(){
	if(Session::get('liked-' . $this->ID) == false){ 
		Session::set('liked-' . $this->ID, 'true'); 
		$this->Counter = $this->Counter+1;
		$this->writeToStage('Stage');
		$this->publish("Stage", "Live");
	}
}

that blocking works so far, but users who disable their cookies can like unlimited :(
I do not understand why Silverstripe Session does rely on cookies to work.
florian

Checking the session is a really short term solution anyway since the session only lasts for as long as the browser window is open. Just closing it and opening the browser again will give you a new session and you can vote again. Generally session through cookies is the norm since session through GET variables is considered insecure AFAIK.

Cookies is really your only option if you want to make a long term check unless you want to log ip addresses but since some people have dynamic ip that doesn't really work either.

hey smurkas,
thank you for your answer.
so that really means silverstripe session does only work with cookies enabled right? :)

maybe i could write all the ips that voted to the database and block them for a few minutes.

cheers,
florian

so that really means silverstripe session does only work with cookies enabled right?

http://php.net/manual/en/session.configuration.php

maybe i could write all the ips that voted to the database and block them for a few minutes.

Please consider that a lot of people share one IP address, that there are easy changeable dynamic IPs, proxies, etc.

hey devlin,
I just coded the ip-block for re-votes via ip tracking in the database . I just block ip´s that are younger than 10 minutes. That is combined with the session check and a cookie.
It´s not a big problem if someone finds a way to vote twice by changing ip or disable cookies.

I just want to prevent someone clicking 20 times in 2 seconds.
I would do that to check if it´s a proper counter :)

here is my final code:

public function countUp(){
	if(!isset($_COOKIE['liked-' . $this->ID]) && Session::get('liked-' . $this->ID) == false){ 
		Session::set('liked-' . $this->ID, 'true'); 
		setcookie('liked-'.$this->ID, time(), time()+3600*24*365, '/'); 
		if($this->checkIpVoted()==false){ 
			$vote = new ILikeVote();
			$vote->Timestamp = time();
			$vote->VotedPageID = $this->ID;
			$vote->IP = $_SERVER['REMOTE_ADDR'];
			$vote->write(); //write to d
			//increment the counter of the page
			$this->Counter = $this->Counter+1;
			$this->writeToStage('Stage');
			$this->publish("Stage", "Live");
		}
	}
}

private function checkIpVoted(){
	$ret = false;
	$time = time();
	$timeLimit = $time - 600;
	$vote = DataObject::get_one( 
		$obj = "ILikeVote", 
       	$filter = "IP = '{$_SERVER["REMOTE_ADDR"]}' AND VotedPageID = {$this->ID} AND Timestamp > {$timeLimit}"
	);
	if($vote){
		$ret = true;
	}
	//get old votes and delete them
	$oldVotes = DataObject::get(
		$obj = "ILikeVote", 
       	$filter = "IP = '{$_SERVER["REMOTE_ADDR"]}' AND VotedPageID = {$this->ID} AND Timestamp < {$timeLimit}"
	);
	if($oldVotes){ //delete old votes of that ip (older than 10min)
		foreach($oldVotes as $vote){
			$vote->delete();
		}
	}
	return $ret;
}