Jump to content

Recommended Posts

I through together a poll script along with lots of help from the members here at phpfreaks...  We added an IP feature to prevent people from voting more then once.  And it works great however not with AOL for some reason if the user is using aol they are sent right back and it still shows the option to vote and they can keep voting... anyone here of this issue with aol and ip addresses? 

Link to comment
https://forums.phpfreaks.com/topic/66251-ip-addresses-and-aol/
Share on other sites

Not sure about that... but I'd use IP+something else to stop users from voting multiple times.

 

Here's why: for example, I'm on a home network with about 6 computers on it, but because we all go through the same firewall/router/wireless DSL modem, it looks to the outside world like all 6 computers have the same IP. So if you design your app that way, only one person in my house could vote... not ideal.

 

I'd use a login script or something.

Link to comment
https://forums.phpfreaks.com/topic/66251-ip-addresses-and-aol/#findComment-331365
Share on other sites

I am guessing you are using $_SERVER variables to check the ip of the user. These are HTTP headers, so any browser cna modify them or just not send them at all, if they want. I don't think there is a way around that. My suggestion is to do a print_r($_SERVER) from an aol user and see what exactly is in the array. You could see if it is giving an IP anywhere or if there is some other variable you could use similarly.

Link to comment
https://forums.phpfreaks.com/topic/66251-ip-addresses-and-aol/#findComment-331368
Share on other sites

No matter what you do, any poll that doesn't have any sort of requirement to it (like a registration, and registered before X date) is going to be susceptible to abuse. Most polls just accept it as part of the inaccuracy percentage of an online anonymous poll.

 

 

With IP based, I'm not so sure about header spoofing (I've never seen a proof of concept), but you do have to worry about DHCP. AOL users can just disconnect and reconnect, and they have a new random IP. This can be done with most home connections in a similar fashion, simply because home connections do not have dedicated IPs. Not to mention the millions of proxy servers out there.

 

 

Do a session + IP. Users can still clear their cookies and reconnect, but it does add an extra hoop. If you want to really be nasty, you can do things like not allowing votes from the similar HTTP request headers back to back.

 

Link to comment
https://forums.phpfreaks.com/topic/66251-ip-addresses-and-aol/#findComment-331385
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.