The main problem with this, and others below that only use the IP address, is that proxies mess everything up. Glancing through my access_log, I seem to have an awful lot of people from cache-rc09.proxy.aol.com and similar hosts. You need to either specify a timeout, use cookies, or use the HTTP_USER_AGENT value. Better yet, use all three.

Start by checking for a cookie. If it is found, stop (don't allow the vote). If not, check the IP. If it has not been seen before, go (allow the vote, save the IP). Otherwise, check the user agent. If it's new, go. If not, check the timeout. If it's over a certain time (say, 2 days) you might allow it anyway. Some pseudo-code:

$ip=$ENV{'REMOTE_HOST'};
$br=$ENV{'HTTP_USER_AGENT'};
$timeout = 60*60*24*2; ## sec x min x hours x 2 days = seconds in 2 da
+ys

$cookie_found and &NoVote; ## NoVote exits

## Load data file, check for a match
open (IP, "< $ipfile") or &SeriousError;
$found=0;
while(<IP>) {
  m/^$ip/ or next;
  $found=1;
  ## IP matches - does the browser?
  (undef,$brow, $time) = split(/##/,$_); 
  if ($br eq $brow) {
    ## Browser matches too - allow a timeout?
    $^T-$time>$timeout and &Vote; ## exits
  }
}
&Vote if !$found; ## This is a new IP
&NoVote;

sub Vote {
  ## Voting code here

  ## Set a cookie
  print "Set-cookie: etc...";

  ##..and in case that doesn't work or they delete it:

  if (open(IP, ">>$ipfile")) {
    print "$ip##$br##$^T\n";
    close(IP);
  }
  exit;
}
[download]

A final trick to slow down ballot-stuffing (someone *could* write a perl script that changes the user agent every time, in theory) is to limit the rate of voting by sticking a sleep(15) in there, or by allowing the same IP but different user agents to vote only after a timeout of 30 seconds.