2

I plan to prepare a gallery (in PHP) with a voting option. However, I've got security problems and do not know how to resolve them.

I would like it to be possible to vote only one time per 24 hours. I tried to use IP address verification, but depending on the ISP it may change after reconnection. Cookies can be removed from the computer.

I considered another approach: sending an email to the person with a link that they click to vote. That would be saved in the DB with a 24-hour restriction for IP address and email address.

Unfortunately these options do not give a guarantee. Do you have any more security tips? Would you advise something else?

PS: A CAPTCHA seems nice, but users may not want to vote while experiencing any difficulties.

blahdiblah
Lormitto

2 Answers

4

Why not allow voting only to registered users?

Subdigger
    I think it's the best (and only?) way. If you try something else, you'll end up with problems one way or another. Cookies: the user can delete them and vote again. IP recording: the first to vote from a school/company/cybercafé/... blocks all the other users from the same building. – SteeveDroz Jun 30 '11 at 12:55
0

This can be achieved through obscurity. As Subdigger and Oltarus stated, allowing only registered users to vote is the only real way.

Most automated polling code only submits to the form directly. You can set a cookie and record the user activity to see if they actually visit the polling page before submitting.
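
An added example (not code from the question or either answer) that combines the two suggestions above: only logged-in users can vote, the 24-hour limit is checked against the database per user, and a single-use token issued when the gallery page is rendered rejects submissions posted straight to the handler. The `votes` table, its columns and the function names are assumptions, the limit is assumed to be one vote per user across the whole gallery, and an array stands in for `$_SESSION` so it runs from the CLI with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);
// Added example: schema and function names are assumptions, not from the page.
const VOTE_WINDOW = 86400; // 24 hours, in seconds

// Call while rendering the gallery page; embed the result in a hidden form field.
function issueFormToken(array &$session): string {
    $session['vote_token'] = bin2hex(random_bytes(32));
    return $session['vote_token'];
}

// Form handler logic. Returns 'ok', 'login', 'token' or 'limit'.
function castVote(PDO $db, array &$session, int $photoId, string $token, int $now): string {
    if (empty($session['user_id'])) return 'login';       // registered users only
    $expected = $session['vote_token'] ?? '';
    unset($session['vote_token']);                         // token is single use
    if ($expected === '' || !hash_equals($expected, $token)) return 'token';

    // Check and insert in one transaction; under concurrent requests the
    // guarantee still depends on the database's locking/isolation level.
    $db->beginTransaction();
    $q = $db->prepare('SELECT COUNT(*) FROM votes WHERE user_id = ? AND voted_at > ?');
    $q->execute([$session['user_id'], $now - VOTE_WINDOW]);
    if ((int) $q->fetchColumn() > 0) { $db->rollBack(); return 'limit'; }
    $db->prepare('INSERT INTO votes (user_id, photo_id, voted_at) VALUES (?, ?, ?)')
       ->execute([$session['user_id'], $photoId, $now]);
    $db->commit();
    return 'ok';
}

// Constructed demo: in-memory SQLite, and an array standing in for $_SESSION.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE votes (user_id INTEGER NOT NULL, photo_id INTEGER NOT NULL, voted_at INTEGER NOT NULL)');
$session = ['user_id' => 42];
$t0 = 1700000000;

echo castVote($db, $session, 7, 'forged', $t0), PHP_EOL; // posted without loading the page
$tok = issueFormToken($session);
echo castVote($db, $session, 7, $tok, $t0), PHP_EOL;
$tok = issueFormToken($session);
echo castVote($db, $session, 8, $tok, $t0 + 3600), PHP_EOL; // one hour later
$tok = issueFormToken($session);
echo castVote($db, $session, 8, $tok, $t0 + VOTE_WINDOW), PHP_EOL; // 24 hours later
```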