Logic brainstorm

**Sir P** · 04-07-2008, 04:47 AM

hello all,

need to do a bit of brainstorming, maybe you guys have an idea..

sites such as DNS stuff, pandora, jango all allow users to use their tools/features X number of times before registering... Im building a tool that I wish to do the same... now what I have available, CGI,C, PHP, mysql, linux, perl, apache ... what is the best way to do such a thing?

I'm not after code here, I'm after logic, heres the appraoched I can think of those I dont think are good enough - can anyone think of any alternatives or modifications?

1. PHP SESSIONS - when user accesses the website they get tracked in a session, everytime they use the tool the $_SESSION['count'] gets ++'d. This all very well and good but all they have to do is clear their sessions and its reset.

2. IP stored in DB. when user accesses website their IP is stored.. everytime they use the tool the code querys the DB see's if IP is there and again count gets plus 1... problem here is user can reset his IP and most connections do this for you anyway.. it also causes issues with shared office/school networks.

So pssh not sure the best way to tackle this.. i could just force signup before any use but I dont like that idea so much.

What do you think?
cheers all,

**chrishirst** · 04-07-2008, 05:43 AM

Sessions are dead and gone when the user closes the browser.

Use a combination of IPs in a database table and cookies on the machine.
Generate an ID to store in the cookie and the DB (Session ID usually), if the IP exists in the DB check the ID in the cookie against the stored ID and check the access count for that row.
If the IP doesn't exist, then check for the cookie ID to see if the machine has been there from a different IP.

It obviously doesn't stop people clearing their cookies or switching IPs. BUT they would have to do BOTH simultaneously to bypass the checks.

**VirtuosiMedia** · 04-07-2008, 11:52 AM

You might find this article an interesting read. It talks about using "gradual engagement" in place of the traditional sign up forms, effectively allowing users to use your tools/services and letting the website automatically create a minimalistic account that gets added to as the user uses your site. Then, when the user is ready, they can finish filling out their information.