Solved

voting script question

Posted on 2002-07-04
8
332 Views
Last Modified: 2013-12-25
I am using a simple voting script for a school project which sets a cookie on each user's machine to prevent multiple votes. My problem is that I suspect some of the users are "cheating" so to speak by setting their browsers to not accept cookies. So my 2 questions are: Is there a way to see who is doing this, particularly if a less than scrupulous user logs on at a public place such as a library and votes many times (this is what I expect is happening). The other question is what can be done to stop this. I am a web develloper and not a programmer so I have only a marginal understanding of cgi.
0
Comment
Question by:kim4815
8 Comments
 
LVL 2

Expert Comment

by:VEngineer
ID: 7132584
Can I ask what kind of voting system this is?  Is this something to vote in a survey, or elect a candidate, etc?

One way to prevent multiple votes is to assign every eligible voter a login and password to the voting section of your website.  That way, you know exactly who voted.  Granted since you aren't a programmer, this isn't an easy task, but we can start somewhere and see how we can help you out.

I rarely rely on cookies to do anything, and I can see why you think people are cheating on the vote.  Some things we might need to know:

- Do you want one vote per person or one vote per machine?  Is there a difference?

- About how many voters will you have?

- What kind of server side technologies do you have available to you (ASP, Perl/CGI, etc..)?

0
 

Author Comment

by:kim4815
ID: 7132602
The system is suppose to pick the winner of various contests; and the problem I think is multiple voting by the contestants. Since people who don't attend the school are encouraged to vote, I think asking for a login and password is probably too much too ask. That being said, I would assume one vote per machine would be the simplest option. Usually the total number of votes is well under 1000. The source of my suspicion is when a sizeable block of votes come in for one particular participant all within a short period of time, like 5-10 minutes.
0
 
LVL 12

Expert Comment

by:lexxwern
ID: 7133500
if all machies have fixed ip;s, then what you should do is maintain a db/list of all the ip;s that have already voted.
0
How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

 
LVL 12

Expert Comment

by:lexxwern
ID: 7133508
ip can be tracked by the environment variable like this...


$userIP = $ENV{'REMOTE_ADDR'};
0
 

Author Comment

by:kim4815
ID: 7133960
I did think about having a database to record ip's but don't most people have dynamic ips? If a person can vote; log off; then log back on with a fresh ip number, how does the database help?
0
 
LVL 11

Accepted Solution

by:
mouatts earned 100 total points
ID: 7134104
There is no fool proof way unless you go down the road of logins or certificates.

But how about this approach using two basic pages.
When they request pageA check and record a cookie (or its absense)
When you send out pageA also send a cookie varying the value based on whether one was recieve or not.
On PageA there will be a link to PageB were they actually vote.
When the request for PageB is recieved again check and record the cookie value.
Now finally when they vote record the cookie value, the time, there IP address and their user agent.
Send a thnks for voting page and adjust the cookies value again.

Having done all this you can determine if a cookie is actually receive at the voting stage whether they are attempting to undertake multiple votes without changing their cookies and can discard the vote.

Where you can't tell from the cookies if they have cheated you can now compare the time, ip address and user agent to see if it looks likely that they have cheated. IE if multiple votes are received within a particular time span for the same time period then discount them if the IP address is the same or the user agent.

HTH
Steve
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction:   Welcome to my first article ever. To begin with, the reason I write this article.  I participated in a question on Experts Exchange about the start command in Windows and there were some discussion about the usage. The discussio…
If you get a (Blue Screen of Death), your system writes a small file called a minidump. Your first step is to make certain your computer is setup to record memory dumps. Right click My Computer, choose properties. Click on the advanced tab, an…
Learn the basics of if, else, and elif statements in Python 2.7. Use "if" statements to test a specified condition.: The structure of an if statement is as follows: (CODE) Use "else" statements to allow the execution of an alternative, if the …
The viewer will learn how to dynamically set the form action using jQuery.

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question