enter once

[PHP_TRY_HARD]

I am making a web site that is going to have a competition on it.  We want people to only enter once.  All of the data will go into a mySQL database.  Also to stop people using fake names it might be best to read the computers I.P. so they can only enter once.

 

I have no idea how to go about it, any ideas? 

Thank you.

[hellonoko]

$ip=$_SERVER['REMOTE_ADDR'];

 

You might want to also store that they have voted in a cookie to double check it.

[Lodius2000]

store their email address, that will get rid of a lot of multiple entries, I might think. The average person probably has no more than 2 emails and is too lazy to sign up for another.

 

we at php freaks though are not average, since lots of us have our own domains, we have hundreds if not thousands of email addresses open to us, so you may have to look through your database and look for awesome@example.com, awesome1@example.com, awesome2@example.com..... that is probably the webmaster at example.com spamming your contest.

 

on logging the ip, not really a great idea. as milton, employee of initech (who uses a shared connection) leans over his cubicle wall and tells peter about your awesome contest that he just entered, peter can not enter the contest because you have logged and blocked milton's ip, but peter and milton have the same ip

[PHP_TRY_HARD]

Good point with the email address and I.P. 

 

So would I have to delete the multiple entries off the database or is there some code that will check the database for the email address and bounce back an error code saying that they have already applied. 

 

I realise that if the email is like you said "awesome@example.com, awesome1@example.com, awesome2@example.com" that I would need to delete the entries.

[Lodius2000]

So would I have to delete the multiple entries off the database or is there some code that will check the database for the email address and bounce back an error code saying that they have already applied.

 

that could partially be solved by a rather complicated regular expression (not my expertise) but there is also a human element to it too, whats to say that awesome1@yahoo.com and awesome2@yahoo.com arent the same guy, but also whats to say that they are.

 

versus if you get entries from joe@joeshmoe.com, and joe1@joeshmoe.com and you go to joeshmoe.com and it is a guy named joe shmoe's personal wordpress blog, so you investigate further... you sign up for an account so you can see the registered users, and what do you know, there is only 2 users, you and joe. in this case you are most certainly dealing with spam since joe obviously has the rights to the domain, he is just setting up emails here and there. but if you got joe@joeshmoe.com and bill@joeshmoe.com, and bill was a constant contributor to joes blog, maybe he is joes neighbor and joe set him up with a free email account.

 

unless you put a 1 entry per MAILING address clause in your terms and then check against all your db entries, it will be hard to stop spam, because email addresses come easy, physicals, not so much, each person probably has home and work, then maybe a PO box also, so at most we are looking at 3 or 4 addresses that a person who really wants to spam your contest can use. beyond that they will be going out of their way to enter your contest, which will probably cost them money (getting more PO boxes)

 

in summation, you are going to have to accept the fact that there will be a limited amount of spam in your contests, the important thing to do is to minimize how much spam 1 person can generate. I personally think that tying their electronic entry to something in the physical world does the best job of that, where logging ip's or any other form of electronic uniqueness (is there such a thing?) does not, because it either eliminates potential entrants (IP log) or is too easy to fudge (email problems we have been discussing)

[jlhaslip]

Use a Registration/Login script to only allow Logged-in users to vote (once) based on their user ID number.