-2

Possible Duplicate:
Unique IPs in a voting system

I am developing a small web app where it needs an online voting system using php for my college event. I was obtaining IP Address and storing it in database to prevent repeated voting from same user. But then I remembered that my college uses a proxy server so obtaining IP address is useless. I tried accessing and storing Mac Address of the client using javascript.. I tried out a few examples that i found on the internet.. but none of them worked. Can you guys suggest me an alternative to how can I get the results I want??

Any sort of help would be heartily appreciated.

Regards, Aayush Shrestha Nepal

Community
  • 1
  • 1
aayush shrestha
  • 1,858
  • 2
  • 17
  • 33

3 Answers3

2

Have them enter their email addresses and send a link to their email that allows them to vote. The link should include some hash of their email and you would have to check if they have already voted or not.

I realize that a student could enter multiple email addresses and vote multiple times, but how many emails does a student really have? And how much time would they spend doing something like that?

I'm guessing you don't have access to any sort of authentication system through your college, so this is probably the best way.

Edit:

Another idea is to use Facebook authentication (see: http://developers.facebook.com/docs/authentication/). The downside is that you have to assume that all voters have facebook accounts.

lbstr
  • 2,822
  • 18
  • 29
  • 2
    What is to prevent a user from using multiple email addresses? – Andy May 23 '12 at 16:24
  • For unlimited free email addresses, see http://www.10minutemail.com. Facebook auth (or other 3rd party system) is a pretty good idea. – apsillers May 23 '12 at 16:31
  • @Andy good call -- nothing. If he can't tap into his college's authentication system, something has got to give. I'm just spitting out a few ideas to see what he thinks is the *least bad* :). Like he said, IPs and MAC addresses won't work especially with proxy's and computer labs on campus. – lbstr May 23 '12 at 16:31
  • @apsillers wow didn't know about that! thanks for sharing! that would DESTROY my solution – lbstr May 23 '12 at 16:32
0

The only 100% airtight way to do this would be to make users create accounts that require some personally unique information to prevent a user from making multiple accounts.

The closest you can come without a login system is the Evercookie library, which stores a UUID in about a dozen different places in the user's browser. It's very difficult to clear them all out (even using a privacy mode in the browser), so if you give an Evercookie to a user when they vote, you can probably spot someone who has voted before.

Note that this stops repeat voting on the machine level, not the user level (a machine may haave multiple users, and a user may have multiple machines, which might enable repeat voters or block eligible voters).

apsillers
  • 112,806
  • 17
  • 235
  • 239
0

  1. First get the user to register an email address so they can use the voting system subsequently associated with that address.

  2. Once you have an email address (that is validated with a activation link sent to that email), then you can gather voting related input from the user.

There is really no effective, platform-independent way of preventing repeated voting unless you enforce user certificates, etc.

Web User
  • 7,438
  • 14
  • 64
  • 92