While learning Laravel, I want to make a simple Guestbook with the following requirements:
Visitors can post messages without signing in. They can only post a message every 24 hours. I'm not sure how I would "track" users individually (via IP address?) as to stop spamming. I do not want a login system if possible.
Messages are stored in the database and removed after an hour. Would I set a scheduler to "prune" my database every minute?
How would I approach these 2 problems the laravel way?
Well, even if you don't want users to sign in, there is some way you have to identify the same user to prevent him from posting again. If you don't want the login/registration system, then you could identify user by his IP address. Please do note this isn't ideal due to proxies everywhere, and some ISPs (Internet Service Provider) assign a dynamic IP address for each user on each connection. The same is the case with my ISP, so I could re-connect and post to your guestbook again. Something to have in mind. So all you'd do is check within the database whether the user with specific IP address has made an entry to your guestbook in the last 24 hours.
You should look at this super-cool feature that came with Laravel 5 - Artisan Scheduler!
Say you created an artisan command, such as guestbook:remove-messages that would delete messages from the database that have been there for more than one hour, you would just place it in your scheduler, like so:
$schedule->command('guestbook:remove-messages');
or you can do it all as a closure, such as
$schedule->call(function()
{
// your code to remove the messages that are inserted an hour ago
});
and that would be it. You just have to run one cron-job on your server, and you can have as many commands as you like.
Thanks for the response toniperic. I want to touch back on some points:
Yes my worries are with dynamic IPs. What are the best methods of combatting deliberate spamming? Would I utilize browser cookies in some way? I've seen this kind of thing implemented in Newspaper sites where they restrict the user (without sign up) to a few articles per day.
Unfortunately I'm still on Laravel 4.2 but I'd be lying if I told you that Artisan Scheduler wasn't super cool! Luckily I have Laravel Forge on my side, I think I can schedule a CRON job without too much hassle.
Well, you have to identify the user somehow - by storing the identification data on your server (and make them identify/log-in), or by storing identification data on their side (cookie). Depending on how skilled they are, they can modify the data from their side, such as edit the cookie, change the IP address or anything else that's stored on their side. When it's stored on your side and they have to identify themself first, then you've got the advantage there (plus they can't edit that data, as it's stored on your server).
As for cron job - yeah, that shouldn't be too hard to do in L4 either.
If you’re looking for an exciting, fun-filled day out for the whole family, Worlds of Wonder Water Park is the perfect place to be! Located in Gurgaon, this amusement park has something for everyone – from thrilling water rides to kiddie pools and slides. With a variety of attractions and activities on offer, Worlds of Wonder Water Park offers a full day of entertainment and fun. Whether you’re into fast-paced roller coasters or relaxing lazy rivers, there is something here that will make your day special. Come and explore the many worlds of wonder at this world-class water park!
