Ensuring Unique Visitors
Moderator: General Moderators
Ensuring Unique Visitors
I'm trying to think of a way to ensure that a person/user can only perform a particular action once. More than likely I'd have to create my own user system, but unless I had some type of SSN system, I can't think of a way to make sure that each person is only able to register once. That obviously throws email registration out. Any ideas?
Re: Ensuring Unique Visitors
Whatever you devise, people with enough motivation will find a way to break. You can limit accounts by email (first step), limit accounts by cookie (advanced users will hack this easily) and limit accounts by IP (more problematic, might annoy users).
Re: Ensuring Unique Visitors
I agree with pytrin. Consider how bad it would be when users register multiple times and trade it off against making it more difficult to register more than once.
Re: Ensuring Unique Visitors
Whatever you end up doing, don't even consider using SSN, the American social security number. There are a myriad of reasons not to use them for ID.Arocity wrote:I'm trying to think of a way to ensure that a person/user can only perform a particular action once. More than likely I'd have to create my own user system, but unless I had some type of SSN system, I can't think of a way to make sure that each person is only able to register once. That obviously throws email registration out. Any ideas?
I agree with the others that you won't be able to absolutely guarantee unique users (short of requiring a thumb-print or retina-scan device!), but you can substantially reduce the likelihood of duplicate registrations by combining several different methods. As the previous responder said, you must consider the "cost" in terms of difficulty for the legitimate user to register against the level of insurance provided against duplicate registrations. Nobody but you can evaluate how far to go. You can pretty much eliminate robot registrations with a good "captcha" feature, but beyond that, what is it that you are trying to guard against? Do you anticipate that people will deliberately try to have multiple accounts, or are you concerned about those who forget their password and decide that it's easier to re-register? Or what? There are common ways to make it easy for "forgetters" to specify validation questions and answers.
The first and most important step is to define the problem.
Re: Ensuring Unique Visitors
I'm attempting to create somewhat of a voting mechanism. The problem is that it will be, I guess you could say "open". Versus a school election where one could use a database of student ids to authenticate against. So my concern is a user voting once. I know I could use sessions and/or cookies but I was just wondering what other php guys (and girls) thought about it. I usually use a user's ip and user agent hashed together as a footprint. Oh well. I guess in actuality, the likelihood of someone good enough to hijack sessions and cookies wouldn't really be interested in my site anyway (-: