0

I'm building a Rails project. What I'm trying to accomplish is to prevent one person from voting twice on my website. I really don't want to make people have to sign up/log in. The only other way I can think of is to somehow record a user's IP address and block that address. I realize that one person can have a few different devices, but it's not THAT important, I just don't want one person to be voting hundreds of times. Is this possible with Rails/Javascript?

  • 3
    You do understand that it's easy to get other IPs to spoof such a scheme, and that, depending on the network, numerous valid users could have the same IP address. Instead of using IPs, consider using email addresses. Sure, someone could generate a bunch of email addresses, but if you send a confirmation to each one that they have to respond to just to vote, a spoofer would eventually tire of the game. – the Tin Man Oct 30 '14 at 23:25
  • @theTinMan Wait, how could someone spoof that system? –  Oct 30 '14 at 23:35
  • 2
    There are many ways, including powering off their router/net-modem until it gets a new IP, using various "onion" routers.... Search for "get fake ip address" and "onion routers" for an idea. – the Tin Man Oct 30 '14 at 23:53

4 Answers4

2

Simply use request.remote_ip from within your controller action.

Remember one thing, people behind a NAT are having the same IP, however they can even do not know each other but still, they're using the same IP address. Consider adding something more than just IP address, e.g. system name, browser name etc.

blelump
  • 3,233
  • 1
  • 16
  • 20
1

Yes, it is. You can access the IP address via request.remote_ip and add a check to only allow the vote if the IP has not already been voted from.

Via JavaScript? No.

the Tin Man
  • 158,662
  • 42
  • 215
  • 303
phantom
  • 1,457
  • 7
  • 15
1

Here is method how to get IP address in Rails:

request.remote_ip

Also mentioned in "Rails: Get Client IP address" and the remote_ip documentation.

If you want to accomplish this by using JavaScript solution, I would recommend you check out "How to get client's IP address using javascript only?".

Community
  • 1
  • 1
Tom Hert
  • 947
  • 2
  • 10
  • 32
0

You can access the user's IP address by

request.remote_ip

You may also a cookie to handle the case for users who change their IP (not as simple as this, this is just an example:

cookies["voted"] = true
the Tin Man
  • 158,662
  • 42
  • 215
  • 303
mohameddiaa27
  • 3,587
  • 1
  • 16
  • 23
  • 1
    Of course, someone wanting to fool the system will just flush their cookies or use a private mode to clear it automatically. – the Tin Man Oct 30 '14 at 23:58