SitePoint Sponsor

User Tag List

Results 1 to 12 of 12
  1. #1
    SitePoint Zealot
    Join Date
    Aug 2007
    Posts
    154
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Voting system - enforcing unique votes

    Hi guys, just setting up a simple voting system for a client and I'm wondering how best to ensure that no-one submits multiple votes. The problem is that it's a large company and a company wide email will be sent to all staff to invite them to vote on the web page i'm setting up, so it's not really practical to generate individual logins for each staff member - plus it would possibly be overkill to ask staff to login to cast a vote on something which is basically just a bit of fun. Logging the IP address of each voter wouldn't really work either as staff in the same office would be likely (i think) to be using the same remote IP.

    So i'm pondering storing cookie data for each user and logging this in the database alongside each vote, allowing me to check for unique votes. Does this seem a reasonable approach? To be honest, this doesn't need to be absolutely watertight and obviously people could clear their cookies and vote again if they really wanted to.

  2. #2
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,215
    Mentioned
    58 Post(s)
    Tagged
    3 Thread(s)
    if staff in a remote office all use the same IP, what are you gonna put in the cookie? how will you know it's not somebody different each time? what data are you going to assign to a user to check if it's been duplicated?
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  3. #3
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,491
    Mentioned
    161 Post(s)
    Tagged
    4 Thread(s)
    You could generate a random key for each staff member, save them in your database, and add them to the link to your page in your mail (i.e. 'http://www.companywebsite.com/yourpage/index.php?key=uwyrgrthvjf84y7834y7ytuiert'). They can vote clicking on the link (without having to log in), and you can keep track of which codes have already cast a vote.

  4. #4
    Twitter: @AnthonySterling silver trophy AnthonySterling's Avatar
    Join Date
    Apr 2008
    Location
    North-East, UK.
    Posts
    6,111
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by guido2004 View Post
    You could generate a random key for each staff member, save them in your database, and add them to the link to your page in your mail (i.e. 'http://www.companywebsite.com/yourpage/index.php?key=uwyrgrthvjf84y7834y7ytuiert'). They can vote clicking on the link (without having to log in), and you can keep track of which codes have already cast a vote.
    Although a little bit more work upfront on the email side of things, this gets my vote.
    @AnthonySterling: I'm a PHP developer, a consultant for oopnorth.com and the organiser of @phpne, a PHP User Group covering the North-East of England.

  5. #5
    SitePoint Zealot
    Join Date
    Aug 2007
    Posts
    154
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    @r937 - yep, good point - didn't really think that one through properly. Now I think about it, can't really see how to use cookies here without it being a really flimsy approach.

    @guido - i thought of doing something like that, but it looks like the client will be using an email template and sending it out (with the link) to all their staff (more than 500) and i don't think it's going to be feasible to create a different link for each staff member, esp as this would also mean individual emails being sent by the client, instead of a blanket internal mail. Maybe the only way for me to do this would be to get access to the staff list, then i could set something up to run through the email list sending the email with a dynamically generated random key appended to the link and logged in the db (as you suggest)
    Last edited by nicky77; May 19, 2009 at 03:04. Reason: bit more info

  6. #6
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    If you are on an IIS/NT based system you could try this:
    PHP Code:
    echo $_SERVER["PHP_AUTH_USER"]; 
    Might give you your current logged in (win) user name.

    Way back in the mists of time I recall doing something similar for an intranet KM system, I think that was how I did it - just an idea.
    Last edited by Cups; May 19, 2009 at 03:47. Reason: Another Tyypo, I mean Typo

  7. #7
    SitePoint Zealot
    Join Date
    Aug 2007
    Posts
    154
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi Cups - thanks for the suggestion, but i'm on Apache so i don't think this is an option.

    Cheers to all for the replies, i'll need to go back to the client and explain the situation and take it from there

  8. #8
    Twitter: @AnthonySterling silver trophy AnthonySterling's Avatar
    Join Date
    Apr 2008
    Location
    North-East, UK.
    Posts
    6,111
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by r937 View Post
    if staff in a remote office all use the same IP, what are you gonna put in the cookie? how will you know it's not somebody different each time? what data are you going to assign to a user to check if it's been duplicated?
    Actually, why does the cookie have to contain anything identifying? Surely the presence of the cookie is the only thing we need here.

    Pseudo:
    PHP Code:
    <?php
    if(isset($_COOKIE['voted']) === false)
    {
        
    doVote();
        
    $_COOKIE['voted'] = true;
    }
    header('Location: http://www.yourserver.com/thanks.php');
    exit;
    ?>
    @AnthonySterling: I'm a PHP developer, a consultant for oopnorth.com and the organiser of @phpne, a PHP User Group covering the North-East of England.

  9. #9
    SitePoint Zealot
    Join Date
    Aug 2007
    Posts
    154
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    @silver - you're right! i don't need to extract any information from the cookie, i only need to know if it exists. many thanks

  10. #10
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, if more than one user may vote from the same computer, then it does matter. Although, I think the browser should keep the cookies seperate so long as a different user logs on to the computer.

    You could also ask for thier name, or employee number or something when they vote.

  11. #11
    SitePoint Wizard
    Join Date
    Mar 2008
    Posts
    1,149
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If everyone is using IE, and you are using Windows for the network, then you might want to look into Microsoft's proprietary HTTP NTLM authentication. I haven't deeply looked into it though, so I can't help you further than that. However, I believe that you will have to enable in on client systems and the site with the voting form needs to be in the Intranet zone, but if you can push group policies onto systems, then I suppose that that's not an issue.

    Of course, that might be complete overkill for your needs.

  12. #12
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,784
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    If you use a cookie to trAck it then all anyone has to do to vote again is delete the cookie.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •