Jump to content

[SOLVED] Rating script - how to prevent people from voting multiple times?

avillanu

By avillanu
in PHP Coding Help

 Share

Recommended Posts

pocobueno1388 Regular Member

pocobueno1388

Posted
Posted

Are the people voting required to be logged into an account? If so, that would make this whole thing easier. If they don't need to be logged in, then you might have some issues with this. You could log IP addresses, but some people have the same one, plus they are always changing...so that wouldn't work very well.

Link to comment
Share on other sites
Orio Member

Orio

Posted
Posted

I'd say go for cookie + IP. Send each voter a cookie that it if it exists he cant vote again. Also, log the IP and if a same IP votes again dont count it.

Another thing you should do- don't display messages like "You can vote more than once" if someone gets blocked by the IP-check or the Cookie-check. Let them think they manged to bypass your security- this way they won't even think or try to improve their "attack" method by blocking cookies using proxies or something like that (at least most of the people).

 

Hope this helps,

Orio.

Link to comment
Share on other sites
BlueSkyIS Newbie

BlueSkyIS

Posted
Posted

Are the people voting required to be logged into an account? If so, that would make this whole thing easier. If they don't need to be logged in, then you might have some issues with this. You could log IP addresses, but some people have the same one, plus they are always changing...so that wouldn't work very well.

Link to comment
Share on other sites
cooldude832 Advanced Member

cooldude832

Posted
Posted

I'd say go for cookie + IP. Send each voter a cookie that it if it exists he cant vote again. Also, log the IP and if a same IP votes again dont count it.

Another thing you should do- don't display messages like "You can vote more than once" if someone gets blocked by the IP-check or the Cookie-check. Let them think they manged to bypass your security- this way they won't even think or try to improve their "attack" method by blocking cookies using proxies or something like that (at least most of the people).

 

Hope this helps,

Orio.

 

I'd say that will be a very terrible option on a few reasons.  One IP never works because Proxies will get you and you could end up block a person you don't want to block via a pool of ips from an ISP.  Secondly Cookies can be deleted.  What the best idea is to use a hybrid of cookies/session.  Where the session is a short term storage and cookie is long term.  I.E if they delete the cookie, the session is still there and remakes the cookie making their vote incastable.  However if you have a memeber system i'd suggest just make a 3 column table with ID, UserID, ItemID and on the item say select from table where userid = $_SESSION['userid'] and ItemId = $_GET['itemid'] and if u get a match don't let em vote.  that is of course if u have a login system and registration required to vote.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.