in reply to Re: Quick and easy way to prevent multiple votes?
in thread Quick and easy way to prevent multiple votes?

The main problem with this, and others below that only use the IP address, is that proxies mess everything up. Glancing through my access_log, I seem to have an awful lot of people from and similar hosts. You need to either specify a timeout, use cookies, or use the HTTP_USER_AGENT value. Better yet, use all three.

Start by checking for a cookie. If it is found, stop (don't allow the vote). If not, check the IP. If it has not been seen before, go (allow the vote, save the IP). Otherwise, check the user agent. If it's new, go. If not, check the timeout. If it's over a certain time (say, 2 days) you might allow it anyway. Some pseudo-code:

$ip=$ENV{'REMOTE_HOST'}; $br=$ENV{'HTTP_USER_AGENT'}; $timeout = 60*60*24*2; ## sec x min x hours x 2 days = seconds in 2 da +ys $cookie_found and &NoVote; ## NoVote exits ## Load data file, check for a match open (IP, "< $ipfile") or &SeriousError; $found=0; while(<IP>) { m/^$ip/ or next; $found=1; ## IP matches - does the browser? (undef,$brow, $time) = split(/##/,$_); if ($br eq $brow) { ## Browser matches too - allow a timeout? $^T-$time>$timeout and &Vote; ## exits } } &Vote if !$found; ## This is a new IP &NoVote; sub Vote { ## Voting code here ## Set a cookie print "Set-cookie: etc..."; ##..and in case that doesn't work or they delete it: if (open(IP, ">>$ipfile")) { print "$ip##$br##$^T\n"; close(IP); } exit; }

A final trick to slow down ballot-stuffing (someone *could* write a perl script that changes the user agent every time, in theory) is to limit the rate of voting by sticking a sleep(15) in there, or by allowing the same IP but different user agents to vote only after a timeout of 30 seconds.