I’m working on a site that allows users to vote on different items. Right now I have it so after they vote the buttons are disabled until the page refreshes. I want to come up with a solution so I can keep users from voting more than once. Currently, I’m storing votes in a mysql database, but I’m not storing who voted.
I have 3 different types of users.
members logged in
2)members not logged in
3)site visitors with no user account
I’m trying to think of the best ways to handle each type.
I know for my logged in users I can use their user_id and check if they have voted before for that specific element.
But how should I handle the other two (2 & 3). Here is what I’m thinking…
a) Should I use set a cookie for each of their votes. Then, loop through all of their vote cookies each time they vote before adding the vote to the database? There could be hundreds of votes. If they have cookie turned off this would not work.
b)maybe grab their ipaddress somehow and store that in the database. Then query and loop through all votes looking for a duplicate ipaddress/item combo?
For 2 and 3, you cannot determine with certainty if a visitor has voted or not.
Visitors can have cookies disabled and even if they are enabled, the visitor can delete their cookies which you cannot stop.
IP address can be easily spoofed and some ISPs provide dynamic ip addresses to their customers which means that every time an ISP client connects to the internet, they will be issued with a different ip address.
The only chance you have to determine with any sort of certainty if a person has voted or not (given you cannot stop users having multiple accounts) is by making them log in before they can vote.
Thanks kennard. the rating system is just going to be for rating movies so it doesn’t have to be completley full proof. I just don’t want to make it easy for a single person to completly sway the results. I don’t want to make them login If I don’t have to.
I think I would just record them all. Set a cookie and session, and record the IP/UID in a table. You could also require cookies to vote, and if they delete the cookies, change the IP and session ID just to vote again, then maybe they deserve that vote lol.
Thanks guys. I was thinking about using Facebook for the login, but I also want to encourage them to create an account and set up a profile page. I’m still going to look into the fb api, but for now I’ll stick with littlebiggie’s suggestion.