#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2003
    Posts
    396
    Rep Power
    48

    One vote per IP address on a poll?


    Hello everyone ,

    I have an online poll which allows people to vote. I have used a captcha to stop bots from making votes. However I want to make sure that only one person can vote ever. Now I know this is impossible if personal identification data about the user isnít stored (e.g. a fingerprint lol). So I guessed that the best way to do this would be to store their IP address and only allow one vote per address. I know this means that many people using a network or computer with the same address wonít be able to vote but I cant think of any other way.

    My question is what would be the best way to obtain the IP address? Should I use $_SERVER['REMOTE_ADDR'] ? But then users will be able to go through a proxy. So I can use: $_SERVER['HTTP_CLIENT_IP'] or $_SERVER['HTTP_X_FORWARDED_FOR']. But canít they be faked? I donít know how difficult it is to fake HTTP headers and if someone would bother doing it along side with having to fill in the captcha if they want to rig the poll. So what is my best bet? To stick with $_SERVER['REMOTE_ADDR'] ?

    My greater concern is non static addresses. In some places they may still be using dialup connection alongside with dynamic address every time they connect to the Internet. Thus they would get the chance to have multiple votes. Is this concern of mine valid or have I completely misunderstood the situation? Or am I missing something very fundamental?

    Thanks!
  2. #2
  3. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,316
    Rep Power
    7171
    Don't get too fancy with it, as you've already surmised IP address isn't a good way of uniquely identifying a person or even a computer, but it is one of the few viable options.

    Anonymous proxies don't forward the IP address of the original requester, and if someone is trying to get around you using a proxy they are going to use an anonymous proxy. There is no way to determine the IP address of the original requester unless the proxy chooses to tell you.

    Most ISPs provide customers with dynamic IP addresses, this includes both dialup and broadband connections. Very few ISPs provide residential customers with static IPs. A dynamic IP address would give someone multiple opportunities to vote, and there is really nothing you can do about it.

    When it comes to polls the best thing to do is require registration with E-Mail verification. Still no where near foolproof, but more so than IP addresses.

    Comments on this post

    • romario agrees
    • sir_drinxalot agrees
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
  4. #3
  5. No Profile Picture
    Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2010
    Posts
    152
    Rep Power
    0
    Hey, I agree with the above poster (didn't catch his/her name).

    What I would do is make users 'sign up' using an email address that they would use to login -- assuming you want this rule. In your DB or whatever you're using to store poll results, allow just one vote per email. If users wanted to vote twice, they would have to create another email account. Combined with your server methods and your CAPTCHA it would be pretty difficult for users to vote multiple times.
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2003
    Posts
    396
    Rep Power
    48
    Thank you again E-Oreo Thank was the information I was looking for.

    I just did implement an email method.
  8. #5
  9. No Profile Picture
    Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2010
    Posts
    152
    Rep Power
    0
    I'm really interested in this. Limiting users to 1 and not multiple must be essential to many web applications, surley somebody must know a method?

    Originally Posted by romario
    Thank you again E-Oreo Thank was the information I was looking for.

    I just did implement an email method.
    Yes, using an email to limit your poll results would be an easier method then usin' an IP, but that dosen't make it a solution.
  10. #6
  11. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,316
    Rep Power
    7171
    It's not possible to know something that doesn't exist.
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around

IMN logo majestic logo threadwatch logo seochat tools logo