Solved

voting script question

Posted on 2002-07-04
Last Modified: 2013-12-25
I am using a simple voting script for a school project which sets a cookie on each user's machine to prevent multiple votes. My problem is that I suspect some of the users are "cheating", so to speak, by setting their browsers to not accept cookies. So my 2 questions are: Is there a way to see who is doing this, particularly if a less than scrupulous user logs on at a public place such as a library and votes many times (this is what I expect is happening)? The other question is what can be done to stop this. I am a web developer and not a programmer, so I have only a marginal understanding of CGI.
Question by:kim4815
 
LVL 2

Expert Comment

by:VEngineer
Can I ask what kind of voting system this is?  Is this something to vote in a survey, or elect a candidate, etc?

One way to prevent multiple votes is to assign every eligible voter a login and password to the voting section of your website.  That way, you know exactly who voted.  Granted since you aren't a programmer, this isn't an easy task, but we can start somewhere and see how we can help you out.

I rarely rely on cookies to do anything, and I can see why you think people are cheating on the vote.  Some things we might need to know:

- Do you want one vote per person or one vote per machine?  Is there a difference?

- About how many voters will you have?

- What kind of server side technologies do you have available to you (ASP, Perl/CGI, etc..)?

 

Author Comment

by:kim4815
The system is supposed to pick the winner of various contests, and the problem I think is multiple voting by the contestants. Since people who don't attend the school are encouraged to vote, I think asking for a login and password is probably too much to ask. That being said, I would assume one vote per machine would be the simplest option. Usually the total number of votes is well under 1000. The source of my suspicion is when a sizeable block of votes comes in for one particular participant all within a short period of time, like 5-10 minutes.
 
LVL 12

Expert Comment

by:lexxwern
If all machines have fixed IPs, then what you should do is maintain a db/list of all the IPs that have already voted.

 
LVL 12

Expert Comment

by:lexxwern
The IP can be tracked by the environment variable like this...

my $userIP = $ENV{'REMOTE_ADDR'};   # client address as seen by the web server
 

Author Comment

by:kim4815
I did think about having a database to record IPs, but don't most people have dynamic IPs? If a person can vote, log off, then log back on with a fresh IP number, how does the database help?
 
LVL 11

Accepted Solution

by:mouatts (earned 100 total points)
There is no foolproof way unless you go down the road of logins or certificates.

But how about this approach using two basic pages.
When they request PageA, check and record a cookie (or its absence).
When you send out PageA, also send a cookie, varying the value based on whether one was received or not.
On PageA there will be a link to PageB where they actually vote.
When the request for PageB is received, again check and record the cookie value.
Now finally, when they vote, record the cookie value, the time, their IP address and their user agent.
Send a thanks for voting page and adjust the cookie's value again.

Having done all this, you can determine, if a cookie is actually received at the voting stage, whether they are attempting to undertake multiple votes without changing their cookies, and can discard the vote.

Where you can't tell from the cookies if they have cheated, you can now compare the time, IP address and user agent to see if it looks likely that they have cheated. I.e., if multiple votes are received within a particular time span for the same time period, then discount them if the IP address is the same or the user agent.

HTH
Steve
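
Added example (not part of the original thread and not any poster's code): the screening described in the accepted answer, written in Python and run over constructed vote records. The cookie values "seen" and "voted", the 600-second window, the names Vote, cookie_to_send and screen, and the choice to compare only votes for the same contestant are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

WINDOW = 600     # seconds; assumed from the 5-10 minute bursts in the question
VOTED = "voted"  # hypothetical cookie value set by the thanks page

@dataclass
class Vote:
    ts: int                     # arrival time, epoch seconds
    ip: str                     # REMOTE_ADDR
    agent: str                  # HTTP_USER_AGENT
    choice: str                 # contestant voted for
    cookie_a: Optional[str]     # cookie received with the PageA request
    cookie_b: Optional[str]     # cookie received with the PageB request
    cookie_vote: Optional[str]  # cookie received with the vote itself

def cookie_to_send(received: Optional[str], stage: str) -> str:
    """Cookie value for the response at stage 'A' or 'thanks'."""
    if stage == "thanks":
        return VOTED
    return received or "seen"   # PageA: mark first contact, keep an old value

def screen(votes: List[Vote]) -> List[str]:
    """One verdict per vote, in time order."""
    verdicts, earlier = [], []
    for v in sorted(votes, key=lambda x: x.ts):
        if VOTED in (v.cookie_a, v.cookie_b, v.cookie_vote):
            verdicts.append("reject: cookie shows an earlier vote")
            continue
        # The cookie set on PageA never came back: refused or cleared.
        no_cookies = v.cookie_b is None and v.cookie_vote is None
        # Assumption: a burst means same contestant plus same IP or user agent.
        burst = any(v.ts - e.ts <= WINDOW and v.choice == e.choice
                    and (v.ip == e.ip or v.agent == e.agent) for e in earlier)
        earlier.append(v)
        if burst:
            verdicts.append("discount: burst" + (", cookies refused" if no_cookies else ""))
        else:
            verdicts.append("accept")
    return verdicts

# Constructed sample records (documentation addresses, made-up agents).
SAMPLE = [
    Vote(1000, "192.0.2.10", "UA-1", "alice", None, "seen", "seen"),
    Vote(1120, "192.0.2.10", "UA-1", "alice", None, None, None),
    Vote(1300, "192.0.2.10", "UA-1", "alice", VOTED, VOTED, VOTED),
    Vote(1400, "192.0.2.10", "UA-1", "bob", None, None, None),
    Vote(5000, "198.51.100.7", "UA-2", "alice", None, "seen", "seen"),
]
```

Calling screen(SAMPLE) gives one verdict per record; a shared address such as a library will also trip the burst rule, so discounted votes are better reviewed than silently dropped.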