Page 1 of 1
Need to create a poll that a user can only fill out once...
Posted: Mon Feb 05, 2007 4:21 pm
by fgomez
I need to create a poll that any individual user can only fill out once, but with one important restriction: the user should not have to create/log in to any account.
I thought about logging IP addresses, but as far as I can tell, if two or more computers are sharing an internet connection, they will share an IP address. This means that this particular office would get to vote only once, as all six employees share one connection. If it doesn't "work" in the office, the boss wouldn't go for it. Plus, it's likely that this method will exclude other legitimate voters, which is unacceptable.
I also thought about setting a cookie, but then of course there is the possibility that the user could delete the cookie and vote again.
Granted, these "solutions" would still allow the user to vote more than once if the user had access to multiple internet connections or multiple computers, but at least they would present a roadblock to vote stuffing.
Unfortunately, I can't think of a better option at the moment than setting a cookie. Any thoughts?
Thanks!
Posted: Mon Feb 05, 2007 5:34 pm
by Burrito
cookie is going to be your best solution short of setting a login.
Posted: Mon Feb 05, 2007 5:39 pm
by Dr Evil
Classical problem!
The whole thing is you must decide where you want to draw the line.
IP blocked drawbacks:
-a user can change computers and revote.
-if the user has a dynamic IP he can redial his provider and revote.
-multiple users of a network sharing an IP will not all be able to vote.
-an advanced user can use a proxy switching software and revote as often as he finds open proxies.
Cookie drawback:
-one PC only votes once
-if cookies are disabled a user might be able to revote or never can vote
-a medium user can erase his cookies and revote.
You must choose which drawback you want to live with. You will never find a perfect solution. You could also ask people to submit a valid email and send them a single use code. he user would need to create a new email to vote again.
I certainly missed a few points...
Posted: Mon Feb 05, 2007 6:09 pm
by daedalus__
I consider IP a very, very, very last resort at the very best.
In my opinion, cookies are your only option that does not involve registration.
You could stop one IP from voting more than once every 12 hours and then use cookies to prevent them from voting for longer, though. Most peoples IP address' change about every 24 hours as far as I know. There is a very good chance that I am wrong about that, though.
Posted: Mon Feb 05, 2007 6:28 pm
by m3mn0n
Keep in mind cookies might be rejected/disabled/deleted. And IPs can change often for some and potentially (I've found this to be even true in small communities) multiple users from different parts of the country can report the same IP because they share the same ISP.
I'd suggest do a very stripped-down and basic user account system, then I'd suggest simply storing the submitted values and checking it against what's being submit again to look for duplicates from an individual. Then there is doing some sort of e-mail validation system, where a confirmation link is sent, and of course restriction based on cookies and IP.
Personally, if this isn't too critical I'd say simply restrict based on IP. If some people are turned away, that's a shame, but it'll mean more integrity in your vote counts than a cookie based system. Why that's so is much more people know how to clear cookies than the number of people who know what a proxy serer is and how to utilize that to mask their identity.
Posted: Mon Feb 05, 2007 6:36 pm
by wtf
Flash shared object.
Posted: Mon Feb 05, 2007 8:03 pm
by fgomez
Wow! Thanks for all the comments, folks!
So here's the deal: Boss wants it to be simple. No registration, no email, nothing like that. Boss also doesn't care if people vote twice, but if there are no safeguards whatsoever, the results have no integrity and are totally meaningless. So even if it's not perfect, I am going to do something to discourage double-voting although I know I can't prevent it.
Seems like, as I suspected, cookies are going to be the way to go. Someone suggested a shared Flash object, but I don't know much Flash at all and I'm not about to learn it for something like this!
True, users will be able to double-vote if they clear their cookies, but the boss would rather err on the side of allowing double votes than blocking legitimate users. I am going to make a case for sending an email at the end of the vote that says "click this link to confirm your vote" but I've got a pretty good feeling it will be shot down.
Thanks for your ideas!
Posted: Mon Feb 05, 2007 8:22 pm
by tecktalkcm0391
You could just use sessions+cookies and make it so they don't expire for a long time.
Code: Select all
$expire_session = 2629743 ; // 3600 seconds = 60 minutes = 1 hour
//86400 seconds = 24 hours --- 31556926 seconds = 1 year --- 2629743.83 seconds = month
ini_set('session.gc_maxlifetime', $expire_session); //max time for a session to last
ini_set('session.gc_probability', '1'); // used to make delete probablity (numorator)
ini_set('session.gc_divisor', '1'); //used to make delete proablity (demoninator)
// percent (1/100) = 1% change the session will be deleted