防止 Facemash 通过 url 作弊 [英] Prevent Facemash cheating through url

问题描述

我一直在使用类似 Facemash 的脚本.但问题是，当我们实际将光标指向每张图片的图片时，在对人进行评分时，会出现如下 URL:

I've been using the Facemash-like script. But the problem is that while rating people when we actually point our cursor towards a picture for every image there is a URL like:

rate.php?winner=XXX&loser=XXXX1

所以，如果我们直接在地址栏中输入这个，这个技巧就奏效了！因此，用户有机会破解他们的分数.我知道我们可以将 GET 方法更改为 POST 方法.我已经搜索了这个，但没有什么能真正帮助我.文件的链接(rate.php 和 index.php)也包含在这个问题的评论中.

So, if we directly type this in the address bar the trick works! Hence there is chance for users to hack for their scores. I know we can change the GET methods to POST methods. And I've searched for this and nothing really helped me out. The links to the files(rate.php and index.php) are also included in the comments of this question.

推荐答案

我正在制作自己的类似 Facemash 的引擎，这就是我所做的.

I'm making my own Facemash-like engine and here's what I do.

我在 PHP $_SESSION 中存储了两个挑战者的 id.在显示新对之前，我检查 $_SESSION 是否已设置，如果是，我只是显示它们而不是从数据库中获取新对.这可以通过刷新页面直到您获得照片来防止作弊.我这样做是因为我正在制作 facemash 的社区相对较小.

I store two challengers' ids in PHP $_SESSION. Before displaying the new pair I check if $_SESSION is set and if it is I just display them instead of taking new pair from a database. This prevents cheating by refreshing the page until you get your photo. I did it because the community I'm making facemash for is relatively small.

所以链接看起来像 vote.php?v=left 或 right.在 vote.php 中，我从 $_SESSION['right'] 和 $_SESSION['left'] 然后取消设置它们.我期待有一天能发布我的剧本.

So links look like vote.php?v=left or right. In vote.php I get ids from a $_SESSION['right'] and $_SESSION['left'] and then unset them. I looking forward to publish my script some day.

这篇关于防止 Facemash 通过 url 作弊的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！