Rating System: Preventing Cheaters

[OhSqueezy]

I have a simple ratings system setup on my site which I use to let users rate an article on a certain scale. I've also got a members database setup, and voting is restricted to members only.

I've been reading some threads on this forum about preventing cheaters from voting more than once and all of them seem to mention that this can be done by requiring users to login before voting (which as I mentioned, I already require). I'm just wondering how this works? I guess I would have to store the ID of the member someplace, but where?

The way I see it is, I can't store it in the 'Ratings' table that I have setup, because if I had a column called 'Voters', it would have multiple entries. And if I had a colmun called 'Articles_Rated' in my 'Members' table, the same problem would occur.

Is it necessary to setup a new table to make this work? I think that would work... but it would end up being a huge table once I get a lot of voters. Or is there something that I'm missing?

[Defender1]

i suggest you read Kevin Yanks tutorial on setting up a member system.
http://www.webmasterbase.com/article/319

also, if you want to make it so that members can only vote once, when they submit a poll, just have it put a 1 in a column in the users table called like has_voted or whatever.
then when they go to the vote again, have it check this and if it equals one, have it display the results and say you have voted or whatever.

[Ramses]

One tricky way I favor is to to use a combination of sessions/user table and cookies. Once the user has voted (rated, whatever), place the id of the rated article in the session and alternatively in the user table. This was, one visitor will find it hard to vote twice for the same article during the same session. Since you require people to login, I'd use a char(255) field in the user table bearing the list of previously rated article ids separated by commas. When the user has logged-in and if he tries to vote again, pull back the list, explode the list into an array and search the array for the article_id. If found, he must therefore have voted before and you present an error message or rating results.

That's the way I do it and it takes care of the common cases. I also set a cookie with the same info for redundancy and in the case you decide to allow un-logged users to rate articles.

As a last recommendation, I would suggest not going the easy way many people seem to favoir, being to track past voters solely on their IP address. Many people (office workers as well as AOL users) behind firewalls or proxies show the same IP address. Blocking rating using the IP address would indeed cause some conflict for users behind proxies.

[Defender1]

Originally posted by Ramses
As a last recommendation, I would suggest not going the easy way many people seem to favoir, being to track past voters solely on their IP address. Many people (office workers as well as AOL users) behind firewalls or proxies show the same IP address. Blocking rating using the IP address would indeed cause some conflict for users behind proxies.

Not only that, but normal modem users' ip's change everytime they login, so that would allow them to vote the next time they connected to the internet.

[dhtmlgod]

You could have a column in the vote table where it keeps all the ID numbers of all the users that have voted in it in a CSV style and when the visitor comes to it, break it down adn comapare, if it matches, dont let them vote again. But that would only work if it was a member system.