Need to create a poll that a user can only fill out once...

fgomez
Forum Commoner
Posts: 61
Joined: Mon Sep 26, 2005 11:23 pm
Location: Washington, DC


Post by fgomez »

I need to create a poll that any individual user can only fill out once, but with one important restriction: the user should not have to create/log in to any account.

I thought about logging IP addresses, but as far as I can tell, if two or more computers are sharing an internet connection, they will share an IP address. This means that this particular office would get to vote only once, as all six employees share one connection. If it doesn't "work" in the office, the boss wouldn't go for it. Plus, it's likely that this method will exclude other legitimate voters, which is unacceptable.

I also thought about setting a cookie, but then of course there is the possibility that the user could delete the cookie and vote again.

Granted, these "solutions" would still allow the user to vote more than once if the user had access to multiple internet connections or multiple computers, but at least they would present a roadblock to vote stuffing.

Unfortunately, I can't think of a better option at the moment than setting a cookie. Any thoughts?

Thanks!
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

Cookie is going to be your best solution short of setting a login.
Dr Evil
Forum Contributor
Posts: 184
Joined: Wed Jan 14, 2004 9:56 am
Location: Switzerland

Post by Dr Evil »

Classical problem!

The whole thing is you must decide where you want to draw the line.

IP blocked drawbacks:
- a user can change computers and revote.
- if the user has a dynamic IP he can redial his provider and revote.
- multiple users of a network sharing an IP will not all be able to vote.
- an advanced user can use a proxy switching software and revote as often as he finds open proxies.

Cookie drawback:
- one PC only votes once
- if cookies are disabled a user might be able to revote or never can vote
- a medium user can erase his cookies and revote.

You must choose which drawback you want to live with. You will never find a perfect solution. You could also ask people to submit a valid email and send them a single-use code. The user would need to create a new email to vote again.

I certainly missed a few points...
daedalus__
DevNet Resident
Posts: 1925
Joined: Thu Feb 09, 2006 4:52 pm

Post by daedalus__ »

I consider IP a very, very, very last resort at the very best.

In my opinion, cookies are your only option that does not involve registration.

You could stop one IP from voting more than once every 12 hours and then use cookies to prevent them from voting for longer, though. Most people's IP addresses change about every 24 hours as far as I know. There is a very good chance that I am wrong about that, though.
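
Added example, not part of any post in this thread: a sketch of the combination suggested above, a 12-hour block per IP plus a long-lived cookie. The table layout, function names and the `demo-secret` key are assumptions, it needs the pdo_sqlite extension, and it keeps the limits already listed in the thread (a shared office IP is blocked for the window; clearing the cookie defeats the cookie check).

```php
<?php
// Added example: schema and helper names are hypothetical, not from the thread.
const IP_WINDOW = 12 * 3600;         // same IP may not vote again for 12 hours
const COOKIE_LIFETIME = 365 * 86400; // cookie marks the browser as "voted" for a year

function open_store(): PDO {
    $db = new PDO('sqlite::memory:'); // in-memory only so the example runs offline
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE votes (poll TEXT, choice TEXT, ip_hash TEXT, voted_at INTEGER)');
    return $db;
}

// Store a keyed hash instead of the raw address; $secret stays on the server.
function ip_key(string $ip, string $secret): string {
    return hash_hmac('sha256', $ip, $secret);
}

// Returns 'ok', 'cookie' (this browser already voted) or 'ip' (same IP inside the window).
function try_vote(PDO $db, string $poll, string $choice, string $ip,
                  array $cookies, string $secret, int $now): string {
    if (isset($cookies['voted_' . $poll])) {
        return 'cookie';
    }
    $seen = $db->prepare('SELECT COUNT(*) FROM votes WHERE poll = ? AND ip_hash = ? AND voted_at > ?');
    $seen->execute([$poll, ip_key($ip, $secret), $now - IP_WINDOW]);
    if ((int) $seen->fetchColumn() > 0) {
        return 'ip';
    }
    $db->prepare('INSERT INTO votes VALUES (?, ?, ?, ?)')
       ->execute([$poll, $choice, ip_key($ip, $secret), $now]);
    return 'ok';
}

// In a request handler: pass $_SERVER['REMOTE_ADDR'], $_COOKIE and time(), and on 'ok' call
//   setcookie('voted_' . $poll, '1', time() + COOKIE_LIFETIME, '/');

// Constructed walk-through: documentation-range IP, fixed clock.
$db = open_store();
$t0 = 1700000000;
$key = 'demo-secret';
$ip = '203.0.113.7';
$results = [
    try_vote($db, 'lunch', 'pizza', $ip, [], $key, $t0),                         // first vote
    try_vote($db, 'lunch', 'tacos', $ip, ['voted_lunch' => '1'], $key, $t0 + 60), // cookie still present
    try_vote($db, 'lunch', 'tacos', $ip, [], $key, $t0 + 3600),                  // cookie cleared, same IP an hour later
    try_vote($db, 'lunch', 'tacos', $ip, [], $key, $t0 + IP_WINDOW + 1),         // same IP after the window
];
echo implode(', ', $results), PHP_EOL;
```
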
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Keep in mind cookies might be rejected/disabled/deleted. And IPs can change often for some and potentially (I've found this to be even true in small communities) multiple users from different parts of the country can report the same IP because they share the same ISP.

I'd suggest doing a very stripped-down and basic user account system, then I'd suggest simply storing the submitted values and checking it against what's being submitted again to look for duplicates from an individual. Then there is doing some sort of e-mail validation system, where a confirmation link is sent, and of course restriction based on cookies and IP.

Personally, if this isn't too critical I'd say simply restrict based on IP. If some people are turned away, that's a shame, but it'll mean more integrity in your vote counts than a cookie-based system. That's because many more people know how to clear cookies than know what a proxy server is and how to utilize that to mask their identity.
wtf
Forum Contributor
Posts: 331
Joined: Thu Nov 03, 2005 5:27 pm

Post by wtf »

Flash shared object.
fgomez
Forum Commoner
Posts: 61
Joined: Mon Sep 26, 2005 11:23 pm
Location: Washington, DC

Post by fgomez »

Wow! Thanks for all the comments, folks!

So here's the deal: Boss wants it to be simple. No registration, no email, nothing like that. Boss also doesn't care if people vote twice, but if there are no safeguards whatsoever, the results have no integrity and are totally meaningless. So even if it's not perfect, I am going to do something to discourage double-voting although I know I can't prevent it.

Seems like, as I suspected, cookies are going to be the way to go. Someone suggested a shared Flash object, but I don't know much Flash at all and I'm not about to learn it for something like this!

True, users will be able to double-vote if they clear their cookies, but the boss would rather err on the side of allowing double votes than blocking legitimate users. I am going to make a case for sending an email at the end of the vote that says "click this link to confirm your vote" but I've got a pretty good feeling it will be shot down.

Thanks for your ideas!
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Post by tecktalkcm0391 »

You could just use sessions+cookies and make it so they don't expire for a long time.

Code:

<?php
// Lifetime in seconds: 3600 = 1 hour, 86400 = 24 hours, 2629743 = 1 month, 31556926 = 1 year
$expire_session = 2629743;
ini_set('session.gc_maxlifetime', (string) $expire_session);  // max time for session data to last on the server
ini_set('session.cookie_lifetime', (string) $expire_session); // keep the session cookie after the browser closes

// Garbage collection runs with probability gc_probability / gc_divisor on each session start
// (1/100 would be a 1% chance; 1/1 as set here means every time)
ini_set('session.gc_probability', '1'); // numerator
ini_set('session.gc_divisor', '1');     // denominator
session_start();