Page 1 of 1

PHP Poll, stop double voting

Posted: Sun Aug 07, 2005 11:13 am
by thesimon
I have managed to script a poll with PHP and mySQL. Currently on the page i have the table in which the choices can be made and a second table with the results.

I would like for those who havnt voted to see the first table, and for those who have voted to see results, and not be able to vote again (i know there is no foolproof way, but if you could show me the most used way that would be great).

So if you could help me that would me most appreciated.

Posted: Sun Aug 07, 2005 11:20 am
by pilau
You might want to look at the source code oh phpBB or at a DB table called "poll". Maybe it'll help (I just don't know how to do it) :P

Posted: Sun Aug 07, 2005 11:27 am
by Sander
Well, as far as I know there are 2 things you can do to prevent someone for double voting.

The first option is to save his IP adress. This of course won't work if the user has a dynamic IP, or if he just goes to another computer.

The other option is to store a cookie on the user's computer. Again, this won't work if the user simply goes to another computer, and he can also just delete the cookie from his computer. There is also the possibility that the cookie will never get stored because of the user's security settings.

The 'best' way would probably be to do both; save the IP and set a cookie.

Posted: Sun Aug 07, 2005 1:25 pm
by s.dot
I agree a cookie would be the best way.

However if you have a login system, you could log who voted by username, and not allow them to vote again.

Posted: Sun Aug 07, 2005 2:14 pm
by josh
Probably the most straight forward way is require a user to signup with an account at your web site before he can vote, only let each member vote once, I take it your web site already has some sort of system in place to restrict accounts to one per person?

Well it's been discussed here but I'll go over the basics:
Require email verification for a signup, no two accounts can have the same email.
Code some sort of a system that logs IP addresses, and flags suspicious accounts (accounts that have logged in from the same IP addresses)
Also flag groups of accounts if their email addresses follow any kind of noticeable pattern ('user1@example.com', 'user2@example.com', etc...)
This way you can login in to your web site, go to the admin panel and see accounts that have been flagged as account sharing, this won't prevent anything but it will definitely help you locate accounts that are sharing and delete them manually.

Posted: Sun Aug 07, 2005 10:31 pm
by thesimon
How would i go about using cookies to achieve that? Its not that important that they cant go about voting again, it will just be better if they have to delete cookies before doing so.

Posted: Sun Aug 07, 2005 11:41 pm
by feyd
if the only people that can see these polls are logged in, then use database.. otherwise.. use cookie/ip recording ... the problem with the latter ones is you can't entirely rely on them to work. IP records should not deny someone from voting again.. there are too many instances where a different person/machine could get the same IP, but be perfectly valid to vote as they have not voted before..

To make things easier, it's just best to only allow voting on registered users. However, a nonregistered user should be able to view the poll and results.. just not vote.

Posted: Mon Aug 08, 2005 5:41 am
by s.dot
thesimon wrote:How would i go about using cookies to achieve that? Its not that important that they cant go about voting again, it will just be better if they have to delete cookies before doing so.
When you process their voting data

Code: Select all

setcookie("poll","1",time()+86400*30); // persist for 30 days
Then on the page that displays the voting form

Code: Select all

if($_COOKIE['poll'] == 1)
{
    die("you've already voted in this poll");
} ELSE
{
    // show poll
}