Solved

voting script question

Posted on 2002-07-04
8
330 Views
Last Modified: 2013-12-25
I am using a simple voting script for a school project which sets a cookie on each user's machine to prevent multiple votes. My problem is that I suspect some of the users are "cheating" so to speak by setting their browsers to not accept cookies. So my 2 questions are: Is there a way to see who is doing this, particularly if a less than scrupulous user logs on at a public place such as a library and votes many times (this is what I expect is happening). The other question is what can be done to stop this. I am a web develloper and not a programmer so I have only a marginal understanding of cgi.
0
Comment
Question by:kim4815
8 Comments
 
LVL 2

Expert Comment

by:VEngineer
ID: 7132584
Can I ask what kind of voting system this is?  Is this something to vote in a survey, or elect a candidate, etc?

One way to prevent multiple votes is to assign every eligible voter a login and password to the voting section of your website.  That way, you know exactly who voted.  Granted since you aren't a programmer, this isn't an easy task, but we can start somewhere and see how we can help you out.

I rarely rely on cookies to do anything, and I can see why you think people are cheating on the vote.  Some things we might need to know:

- Do you want one vote per person or one vote per machine?  Is there a difference?

- About how many voters will you have?

- What kind of server side technologies do you have available to you (ASP, Perl/CGI, etc..)?

0
 

Author Comment

by:kim4815
ID: 7132602
The system is suppose to pick the winner of various contests; and the problem I think is multiple voting by the contestants. Since people who don't attend the school are encouraged to vote, I think asking for a login and password is probably too much too ask. That being said, I would assume one vote per machine would be the simplest option. Usually the total number of votes is well under 1000. The source of my suspicion is when a sizeable block of votes come in for one particular participant all within a short period of time, like 5-10 minutes.
0
 
LVL 12

Expert Comment

by:lexxwern
ID: 7133500
if all machies have fixed ip;s, then what you should do is maintain a db/list of all the ip;s that have already voted.
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 12

Expert Comment

by:lexxwern
ID: 7133508
ip can be tracked by the environment variable like this...


$userIP = $ENV{'REMOTE_ADDR'};
0
 

Author Comment

by:kim4815
ID: 7133960
I did think about having a database to record ip's but don't most people have dynamic ips? If a person can vote; log off; then log back on with a fresh ip number, how does the database help?
0
 
LVL 11

Accepted Solution

by:
mouatts earned 100 total points
ID: 7134104
There is no fool proof way unless you go down the road of logins or certificates.

But how about this approach using two basic pages.
When they request pageA check and record a cookie (or its absense)
When you send out pageA also send a cookie varying the value based on whether one was recieve or not.
On PageA there will be a link to PageB were they actually vote.
When the request for PageB is recieved again check and record the cookie value.
Now finally when they vote record the cookie value, the time, there IP address and their user agent.
Send a thnks for voting page and adjust the cookies value again.

Having done all this you can determine if a cookie is actually receive at the voting stage whether they are attempting to undertake multiple votes without changing their cookies and can discard the vote.

Where you can't tell from the cookies if they have cheated you can now compare the time, ip address and user agent to see if it looks likely that they have cheated. IE if multiple votes are received within a particular time span for the same time period then discount them if the IP address is the same or the user agent.

HTH
Steve
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wondered how to display how many visitors you have online. In this tutorial I will show you an easy but effective way to display the number of online visitors in WhizBase. In this article I assume you have read my previous articles and know …
Introduction:   Welcome to my first article ever. To begin with, the reason I write this article.  I participated in a question on Experts Exchange about the start command in Windows and there were some discussion about the usage. The discussio…
Learn the basics of modules and packages in Python. Every Python file is a module, ending in the suffix: .py: Modules are a collection of functions and variables.: Packages are a collection of modules.: Module functions and variables are accessed us…
Learn the basics of while and for loops in Python.  while loops are used for testing while, or until, a condition is met: The structure of a while loop is as follows:     while <condition>:         do something         repeate: The break statement m…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question