Ensuring Unique Visitors

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Arocity
Forum Newbie
Posts: 15
Joined: Tue Jun 10, 2008 8:30 am
Location: Washington, DC

Ensuring Unique Visitors

Post by Arocity »

I'm trying to think of a way to ensure that a person/user can only perform a particular action once. More than likely I'd have to create my own user system, but unless I had some type of SSN system, I can't think of a way to make sure that each person is only able to register once. That obviously throws email registration out. Any ideas?
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: Ensuring Unique Visitors

Post by Eran »

Whatever you devise, people with enough motivation will find a way to break. You can limit accounts by email (first step), limit accounts by cookie (advanced users will hack this easily) and limit accounts by IP (more problematic, might annoy users).
koen.h
Forum Contributor
Posts: 268
Joined: Sat May 03, 2008 8:43 am

Re: Ensuring Unique Visitors

Post by koen.h »

I agree with pytrin. Consider how bad it would be when users register multiple times and trade it off against making it more difficult to register more than once.
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: Ensuring Unique Visitors

Post by califdon »

Arocity wrote:I'm trying to think of a way to ensure that a person/user can only perform a particular action once. More than likely I'd have to create my own user system, but unless I had some type of SSN system, I can't think of a way to make sure that each person is only able to register once. That obviously throws email registration out. Any ideas?
Whatever you end up doing, don't even consider using SSN, the American social security number. There are a myriad of reasons not to use them for ID.

I agree with the others that you won't be able to absolutely guarantee unique users (short of requiring a thumb-print or retina-scan device!), but you can substantially reduce the likelihood of duplicate registrations by combining several different methods. As the previous responder said, you must consider the "cost" in terms of difficulty for the legitimate user to register against the level of insurance provided against duplicate registrations. Nobody but you can evaluate how far to go. You can pretty much eliminate robot registrations with a good "captcha" feature, but beyond that, what is it that you are trying to guard against? Do you anticipate that people will deliberately try to have multiple accounts, or are you concerned about those who forget their password and decide that it's easier to re-register? Or what? There are common ways to make it easy for "forgetters" to specify validation questions and answers.

The first and most important step is to define the problem.
User avatar
Arocity
Forum Newbie
Posts: 15
Joined: Tue Jun 10, 2008 8:30 am
Location: Washington, DC

Re: Ensuring Unique Visitors

Post by Arocity »

I'm attempting to create somewhat of a voting mechanism. The problem is that it will be, I guess you could say "open". Versus a school election where one could use a database of student ids to authenticate against. So my concern is a user voting once. I know I could use sessions and/or cookies but I was just wondering what other php guys (and girls) thought about it. I usually use a user's ip and user agent hashed together as a footprint. Oh well. I guess in actuality, the likelihood of someone good enough to hijack sessions and cookies wouldn't really be interested in my site anyway (-:
Post Reply