
I'm trying to display an alert message on my main page which is index.php. I use a second file to insert the amount of times the button has been pressed. But the user should only be able to vote every 5 minutes. It should display them an alert message if the vote failed or succeeded.

Right now it always displays both buttons on the index.php.

Index.php

<html>
    <body>
        <!-- ** PHP ** -->
        <?php 
        include_once 'resources/method.php';
        ?>
        <!-- ** HTML ** -->
            <form id="button1" action="resources/method.php" method="post">
                <input type="submit" value="VOTE"/>
            </form>
    </body>
</html>

method.php

<?php
// if (5mins passed) {
// } elseif (time <= 5mins) {
//  insert query;
// }

// if (5mins passed) {
?>
    <div class="alert">
        Wait 5mins
    </div>
<?php
// } else {
?>
    <div class="alert">
        Success!
    </div>
<?php
// }
?>

<?php
header ( 'Refresh: 5; URL=/project/index.php' );
?>

Here's the fiddle to what I'm currently stuck with. Fiddle (It's not really necessary)

It should only display the "Wait 5mins" button when 5 minutes have not passed yet and the "Success!" button should be displayed when 5 minutes have passed. If the user did not click the "Vote" button none of them should be displayed.

Norukh
Aruloci

1 Answer

You should never make the frontend decide whether or not you're allowed to vote.
Never trust user input, no exception here. You can easily add some check in your PHP code:

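session_start(); // $_SESSION is only usable after the session has been started
$time2wait = 300;
$message = ''; // nothing to show when the form was not submitted
if( $_SERVER['REQUEST_METHOD'] === 'POST' ){ // isset($_POST) is true on every request, also on GET
    $last_action = $_SESSION['last_action'] ?? 0; // 0 when there was no vote in this session yet
    if( $last_action+$time2wait > time() ){
        $message = "Sorry, only one vote per ".$time2wait." seconds";
    }
    else{
        // Do your saving stuff
        $_SESSION['last_action'] = time(); // store last action
        $message = "The action is complete";
    }
}
/* other code might go here, or some html, or some templates */
echo $message;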

To improve UI, you could add a counter. Just change your message to something like this:

$message = "Sorry, only one vote per ".$time2wait." seconds. ";
$message.= "Please wait <span id='counter'>".($_SESSION['last_action']+$time2wait-time())."</span> seconds";

This will show the user the remaining amount of seconds. To even improve this further, JavaScript:

var count = parseInt(document.getElementById("counter").innerHTML, 10);
function timer(){
    count=count-1;
    if (count <= 0){
        clearInterval(counter);
        // Refresh your page here, like: window.location=window.location;
        return;
    }
    document.getElementById("counter").innerHTML=count;
}

var counter=setInterval(timer, 1000); // 1000 will run it every 1 second

- The JavaScript is based on this topic's answer

Community
Martijn
  • Will the counter reset if the user closes their browser? – Aruloci Apr 27 '15 at 05:55
  • Nope. Only when they close their session (e.g.: Log out), or open a new browser. To counter this, you will need some more complicated solutions based on IP's and maybe some cookies, but it'll never be 100% foolproof. – Martijn Apr 29 '15 at 07:10
  • I did it by saving their IP in a db + the time of their last vote. Do you think this could work? – Aruloci Apr 29 '15 at 07:32
  • Yeah, but when you have multiple people on 1 IP (like a workplace), only one can vote. – Martijn Apr 29 '15 at 09:11
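
The approach from the comments (store the IP and the time of the last vote in a database), written out as an added example that is not code from the question or the answer. The table `vote_log` and the functions `open_db()` and `try_vote()` are hypothetical names, and an in-memory SQLite database through PDO is assumed so the script runs on its own; the shared-IP limitation mentioned in the last comment still applies.

```php
<?php
// Added example; vote_log, open_db() and try_vote() are hypothetical names.
const COOLDOWN = 300; // seconds, same value as $time2wait in the answer

function open_db(): PDO {
    // Assumption: in-memory SQLite so the example runs offline
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE vote_log (ip TEXT PRIMARY KEY, last_vote INTEGER NOT NULL)');
    return $db;
}

// Returns 0 when the vote is accepted, otherwise the seconds left to wait.
function try_vote(PDO $db, string $ip, int $now): int {
    // First vote from this IP. The PRIMARY KEY lets only one of two
    // simultaneous requests insert the row.
    $ins = $db->prepare('INSERT OR IGNORE INTO vote_log (ip, last_vote) VALUES (?, ?)');
    $ins->execute([$ip, $now]);
    if ($ins->rowCount() === 1) {
        return 0;
    }
    // Check and update in one statement, so two parallel POSTs cannot
    // both pass the check before either stores the new timestamp.
    $upd = $db->prepare('UPDATE vote_log SET last_vote = ? WHERE ip = ? AND last_vote <= ?');
    $upd->execute([$now, $ip, $now - COOLDOWN]);
    if ($upd->rowCount() === 1) {
        return 0;
    }
    $sel = $db->prepare('SELECT last_vote FROM vote_log WHERE ip = ?');
    $sel->execute([$ip]);
    return (int) $sel->fetchColumn() + COOLDOWN - $now;
}

// Constructed requests. In a real handler $ip would be $_SERVER['REMOTE_ADDR']
// and $now would be time().
$db = open_db();
$t0 = 1430000000;
$requests = [
    ['203.0.113.7', $t0],       // first vote from this IP
    ['203.0.113.7', $t0 + 120], // same IP, 120 s later
    ['203.0.113.9', $t0 + 120], // a different IP
    ['203.0.113.7', $t0 + 300], // first IP, a full cooldown later
];
foreach ($requests as [$ip, $now]) {
    $wait = try_vote($db, $ip, $now);
    echo $ip, ': ', $wait === 0 ? 'vote counted' : "wait {$wait} seconds", PHP_EOL;
}
```

The vote itself would be saved by the caller whenever `try_vote()` returns 0.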