hbalagh Posted August 22, 2007 Share Posted August 22, 2007 I through together a poll script along with lots of help from the members here at phpfreaks... We added an IP feature to prevent people from voting more then once. And it works great however not with AOL for some reason if the user is using aol they are sent right back and it still shows the option to vote and they can keep voting... anyone here of this issue with aol and ip addresses? Quote Link to comment Share on other sites More sharing options...
php_tom Posted August 22, 2007 Share Posted August 22, 2007 Not sure about that... but I'd use IP+something else to stop users from voting multiple times. Here's why: for example, I'm on a home network with about 6 computers on it, but because we all go through the same firewall/router/wireless DSL modem, it looks to the outside world like all 6 computers have the same IP. So if you design your app that way, only one person in my house could vote... not ideal. I'd use a login script or something. Quote Link to comment Share on other sites More sharing options...
lemmin Posted August 22, 2007 Share Posted August 22, 2007 I am guessing you are using $_SERVER variables to check the ip of the user. These are HTTP headers, so any browser cna modify them or just not send them at all, if they want. I don't think there is a way around that. My suggestion is to do a print_r($_SERVER) from an aol user and see what exactly is in the array. You could see if it is giving an IP anywhere or if there is some other variable you could use similarly. Quote Link to comment Share on other sites More sharing options...
Hypnos Posted August 22, 2007 Share Posted August 22, 2007 No matter what you do, any poll that doesn't have any sort of requirement to it (like a registration, and registered before X date) is going to be susceptible to abuse. Most polls just accept it as part of the inaccuracy percentage of an online anonymous poll. With IP based, I'm not so sure about header spoofing (I've never seen a proof of concept), but you do have to worry about DHCP. AOL users can just disconnect and reconnect, and they have a new random IP. This can be done with most home connections in a similar fashion, simply because home connections do not have dedicated IPs. Not to mention the millions of proxy servers out there. Do a session + IP. Users can still clear their cookies and reconnect, but it does add an extra hoop. If you want to really be nasty, you can do things like not allowing votes from the similar HTTP request headers back to back. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.