Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Re: Quick and easy way to prevent multiple votes?

by Apterigo (Scribe)
on Jun 08, 2000 at 03:46 UTC ( [id://16990]=note: print w/replies, xml ) Need Help??


in reply to Quick and easy way to prevent multiple votes?

Why not just use the CGI Enviornment Variable REMOTE_ADDR to ensure that they this IP has not voted previously. IPs that vote could be stored in a file which could later be parsed to ensure that that IP has not voted. If they have not voted, it would allow them to, and if they have, they would receive a message such as "You have already voted from this IP."
Apterigo

Replies are listed 'Best First'.
RE: Re: Quick and easy way to prevent multiple votes?
by turnstep (Parson) on Jun 08, 2000 at 05:49 UTC

    The main problem with this, and others below that only use the IP address, is that proxies mess everything up. Glancing through my access_log, I seem to have an awful lot of people from cache-rc09.proxy.aol.com and similar hosts. You need to either specify a timeout, use cookies, or use the HTTP_USER_AGENT value. Better yet, use all three.

    Start by checking for a cookie. If it is found, stop (don't allow the vote). If not, check the IP. If it has not been seen before, go (allow the vote, save the IP). Otherwise, check the user agent. If it's new, go. If not, check the timeout. If it's over a certain time (say, 2 days) you might allow it anyway. Some pseudo-code:

    $ip=$ENV{'REMOTE_HOST'}; $br=$ENV{'HTTP_USER_AGENT'}; $timeout = 60*60*24*2; ## sec x min x hours x 2 days = seconds in 2 da +ys $cookie_found and &NoVote; ## NoVote exits ## Load data file, check for a match open (IP, "< $ipfile") or &SeriousError; $found=0; while(<IP>) { m/^$ip/ or next; $found=1; ## IP matches - does the browser? (undef,$brow, $time) = split(/##/,$_); if ($br eq $brow) { ## Browser matches too - allow a timeout? $^T-$time>$timeout and &Vote; ## exits } } &Vote if !$found; ## This is a new IP &NoVote; sub Vote { ## Voting code here ## Set a cookie print "Set-cookie: etc..."; ##..and in case that doesn't work or they delete it: if (open(IP, ">>$ipfile")) { print "$ip##$br##$^T\n"; close(IP); } exit; }

    A final trick to slow down ballot-stuffing (someone *could* write a perl script that changes the user agent every time, in theory) is to limit the rate of voting by sticking a sleep(15) in there, or by allowing the same IP but different user agents to vote only after a timeout of 30 seconds.

RE: Re: Quick and easy way to prevent multiple votes?
by merlyn (Sage) on Jun 08, 2000 at 04:54 UTC
    Argh! Not the "IP for unique votes" cargo-cult junk again! How many times do we need to go through this?

    Repeat after me:

    • An IP address is not a user
    • An IP address is not a user
    • An IP address is not a user
    Trivial counter-examples:
    1. AOL.com's proxy, where every hit comes from a different address, even within the same session
    2. Dialup sessions (including most cable modems) where every session is a different IP
    3. Proxy servers for nearly all of the corporate access
    Please don't make me have to repeat this stuff Yet Another Time.

    -- Randal L. Schwartz, Perl hacker

      Please be nice. Many people have never had to consider this problem before and therefore would have no way of knowing these things. Maybe it's YetAnotherTime for you but that's what cooperative forums for a community of any sort have to deal in 99% of the time. That's what FAQ's are all about and why it's great to reference them for answers. Thanks very much. TTFN & Shalom.

      -PipTigger
        Good comment, PipTigger.

        Perl Monks is a community, with a wide range of skills, knowledge and experience. Though it is easy to forget how little we each knew when we were just starting to program (and/or starting CGI/internet programming), no one has the right to be abusive or even just brusque -- no matter how obvious one may think the answer is.

        In merlyn's defense, I think he was simply trying to be certain he made the point, and was not trying to be rude. Less rhetoric and force next time, Randal. Please. If you tire of having "to repeat this stuff Yet Another Time," let those of us with a little compassion handle it <nobr>so you don't have to... ;-)</nobr>

        Apterigo just created the Perl Monks user account a few weeks ago. Let's not run off new users as punishment for trying to contribute to our community.

        Russ

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://16990]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others exploiting the Monastery: (5)
As of 2024-03-29 12:47 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found