1

Possible Duplicate:
Unique IPs in a voting system

I know I can use cookies and IP address to prevent someone from vote more than once but if they clear browser cookies, they can vote again. Some chat servers get computer info to ban users. Is there a way I use the same concept for voting system?

I'm aware there is no perfect solution but I appreciate if you guide to best solution using PHP?

Community
  • 1
  • 1
john206
  • 537
  • 1
  • 7
  • 15
  • There is no "the best" since it is not possible to identify particular person or PC through internet. Just add captcha – zerkms Feb 26 '12 at 22:56
  • @Anton: What `that` information? – zerkms Feb 26 '12 at 22:57
  • I would say there is almost no solution. You should not ban users based on their IP. The IP could be a IP of a school or the proxy of a company where many other users would be banned too. You may use some bad tricks like flash cookies or a computer fingerprint like a hash of all possible fonts on that computer. This is on every computer uniqiere so far I know. But that will fail on disabled javascript. – rekire Feb 26 '12 at 22:59
  • Also 100s or 1000s of people can share a single IP address. – Toby Allen Feb 26 '12 at 22:59
  • @zerkms the OP is asking for a way to prevent more than 1 time per IP address, captcha doesn't do that. – yoda Feb 26 '12 at 23:00
  • @rcplusplus: makes no sense at all – zerkms Feb 26 '12 at 23:00
  • @yoda: can you please make a quote that from the original question? I don't see that requirement, but I see "How to prevent duplicate voting" – zerkms Feb 26 '12 at 23:01
  • Maybe look at technique called "browser fingerprint"? You can calculate hash using browser settings - from headers. If you additionaly use javascript, you can gather more unique information. – Slawek Feb 26 '12 at 23:01
  • @Slawek: it won't prevent from duplicate voting using scripts – zerkms Feb 26 '12 at 23:02
  • @Anton: and what information is supposed to identify in unique manner the person, who has voted already? – zerkms Feb 26 '12 at 23:03
  • @zerkms: but can prevent casual users from voting more than once :) – Slawek Feb 26 '12 at 23:05
  • @Slawek: I doubt that casual users can influence on results in case that one person just uses a script – zerkms Feb 26 '12 at 23:07
  • @zerkms: I think you underestimate casual users imagination when they can win something, for example in photo contest ;) But I agree, it is almost impossible to completely win with scripts. – Slawek Feb 26 '12 at 23:14

2 Answers2

2

You can't without getting people to log in (and even then people can register two accounts).

Toby Allen
  • 10,997
  • 11
  • 73
  • 124
  • Let's say people login with Google/Yahoo account. Whoever has multiple email accounts can vote as a new person. What code can I use to allow maximum 5 votes per device? – john206 Feb 26 '12 at 23:06
  • @john206: look here - http://panopticlick.eff.org/ - and read about "browser fingerprint" technique. It can limit normal users to vote each from one browser on device. Of course it won't work if your user know something more about headers, http, etc. – Slawek Feb 26 '12 at 23:08
  • @john206, this is not worth the effort. Just make people log in, to your site, gmail, facebook whatever and leave it at that. You cannot prevent someone who wants to from doing it. – Toby Allen Feb 26 '12 at 23:35
1

Logging the IP address is about as good as you can do. With broadband your IP address doesn't change that often compared to dial-up days. Obviously you can't stop someone who knows how to circumvent this.

MattP
  • 2,798
  • 2
  • 31
  • 42