When the user uploads the files you need to save the IP Address and the date, in a DB.

$domain = gethostbyname($REMOTE_ADDR);

And use that to prevent the person from uploading again, by checking the ip address of the visitor against the database list you have in your DB.

I am not sure which IP Address you get from the above line though. Someone will let us know the right syntax if the above is not working for you.

Habtom

To obtain a users IP address the following snippet should work.

$ip = $_SERVER['REMOTE_ADDR'];

Restricting a user by IP is definitely the way to go, restricting a user by Session would be very easy to get around (just start a new browser instance).

You might run into problems using IP address as the only way of determining users, as certain ISP's (AOL springs to mind) use Proxy Servers which offer up the same IP address for multiple users so you could be inadvertently restricting users from uploading.

If you have any sort of login process before the user is allowed to upload, I would try and modify this to record when a user uploads something as it will likely be much more accurate.

[edited by: Sagaris at 10:57 am (utc) on June 6, 2007]

good point.

Do the users need to register before uploading files, do they need to login to upload the files? If your answer is yes, you can take the date and the user name, and restrict the person from uploading based on those info. If users don't login to upload, the IP is the way to go.

Habtom

No,users do not have to login(they didnt want to)
I already save their ip and submission date with every upload.At first i set the ip and date cols as unique keys but that throws duplicate entry errors and stops them from uploading forever.
Now that i have their ip and date stored,how would i allow them say one upload per week?
Thank you very much for supporting me!

May be do a cronjob which clears the IP Addresses older than 1 week from the DB.

Habtom

Or compare the submission date with the current date and allow an upload if it's more than a week ago. Then update the submission date to the current date.

You may still encounter problems with people on dynamic IP addresses (e.g. AOL users).

I think may be i will just content with restricting the email and run a cron job to clear the emails.The ip thing seems less flexible as there are a significant users that connect from a shared pc(libraries,schools,cybercafes,etc).A sick dude can go and create another email,but since i require email confirmation on every upload,may be it'll make it a bit difficult for them
do you think this is a good alternative?

Oh no, i dont have an email col for that matter.
still stuck.i wish if i can run a cron job on the unique key to remove it and place it back on a weekly basis.

You can create a completely new table for this:

id - num
date - timestamp
ipaddress -varchar

or something similar

:)

If a user has to click a link in an email to verify it was them who uploaded a file, that would seem like a good solution - it gives you a unique way of identifying a user without the problem of IP addresses but it can't be abused easily either.

Update - Disregard this as moroose has just stated he doesn't have an email col!

[edited by: Sagaris at 12:44 pm (utc) on June 6, 2007]

Again,thank you all for helping out
I think i will just content with the email verification thing
tough job,eh!
Have a good day!