0

I would like to ensure that you can only click thumbs up or thumbs down once per table entry?

My visitors are not logged in, so my assumption is, I can check your IP, and using JSON send the info to the db to record IP address and the ID of that table entry. then if the user clicked thumbs up again, use JSON to do a quick SQL exists to determine if the IP and text ID exist. If not, then the thumbs up click goes through.

Seems like this is a tedious and non-elegant solution that will be slow and take up a lot of DB space. Any thoughts/help for improvement?

Using ruby 1.9.2, rails 3.1, jquery.

delphi
  • 10,705
  • 5
  • 22
  • 18
  • Your solution sounds like the best way to do this... – Nachshon Schwartz Sep 15 '11 at 08:11
  • The problem with IP based solutions is that people in companies etc. usually share one IP. We had this problem when we tried to block users that way and had to stop it. Maybe go for IP address + user agent combo or something. – Michael Kohl Sep 15 '11 at 08:24

2 Answers2

0

My implementation of this kind of functionality was quite similar to yours:

  • If user clicks on a button, disable it through Javascript and send an AJAX request to server
  • In your database don't add a new column to your databases. Better add a new table that stores IP, vote (up or down) and ID reference. This will help you to mantain your tables and it's easier to change your voting system in a future.
  • When you draw your page from PHP take in account the votes and draw your buttons (up and down) disabled if user has voted before.

As Michael points, in some cases IP-only method is not good enough. Maybe you can reforce your system by adding other browser specific variables, but it depends on the degree of security you need (because a user could vote twice using two different browsers). You'll find more information about this here.

I hope this makes sense to you.

Community
  • 1
  • 1
Ivan
  • 14,692
  • 17
  • 59
  • 96
0

Using IP address as the user identifier will be problematic for any users behind a NAT router (e.g. any office or commercial organisation) as these will all be recognized as the same user.

A cookie on the client would probably be more accurate in this case, although that is also not 100% reliable as users can clear cookies or may have cookies completely disabled.

This is a design issue rather than a technical problem; there is the fundamental issue of tracking user state without having any way to identify the user. But it is a compromise if you wish to provide the convenience to users of interacting with your site without being forced to log in.

njr101
  • 9,499
  • 7
  • 39
  • 56