Participant
January 14, 2010
Question

Using IP address as cookie to prevent "ballot stuffing" in ColdFusion poll.


Happy new year everyone,

As a web programming novice, I've been trying to create a simple ColdFusion poll application that captures the participant's IP address to possibly store in a cookie variable and prevent multiple voting or "ballot stuffing" by previous participants. Your suggestions and contributions are highly valued.

Thanks in advance. My highest regards. fresalMCD.

                                          


    Owainnorth
    Inspiring
    January 14, 2010

    And happy new year to you too!

    How are you storing the votes? I'd assume they're going into a database table somewhere?

    If so, just put in a column for the poll_id, response and IP address; you can then check if the user has already voted or even better replace their existing vote before inserting the new one. Something like this:


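    <cfif structKeyExists(FORM,"submitVote") >

      <!--- cfqueryparam binds each value as a typed parameter, so form input is never spliced into the SQL text --->
      <!--- Delete any existing votes by this IP for this poll (poll_id assumed to be an integer column) --->
      <cfquery ...>
        DELETE FROM  votes
        WHERE        vote_poll_id = <cfqueryparam value="#FORM.poll_id#" cfsqltype="cf_sql_integer">
        AND          vote_ip_address = <cfqueryparam value="#CGI.REMOTE_ADDR#" cfsqltype="cf_sql_varchar">
      </cfquery>

      <!--- Insert the new vote --->
      <cfquery ...>
        INSERT INTO  votes ( vote_poll_id, vote_ip_address, vote_response )
        VALUES       ( <cfqueryparam value="#FORM.poll_id#" cfsqltype="cf_sql_integer">,
                       <cfqueryparam value="#CGI.REMOTE_ADDR#" cfsqltype="cf_sql_varchar">,
                       <cfqueryparam value="#FORM.response#" cfsqltype="cf_sql_varchar"> )
      </cfquery>

    </cfif>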

    You can't really rely on cookies as people can clear their cookies and vote again. Far better to enforce it at the Application level.

    O.

    fresalMCD (Author)
    Participant
    January 14, 2010

    Many thanks for your insightful reply, especially with regard to preventing repeat voting at application level. I noticed the poll id column in the piece of code you included (I'm using Microsoft SQL Server 2008 Express Edition as my database server, to be precise). Idealistically, I favour a polling interface (such as the mini polls conducted on the home page at http://www.supanet.com/) that does not require the voter to select a poll from a scroll-down box or make a poll selection as one of the form entries.

    All I would be requiring from the voter is their yes/no response, which throws into question, how do I use their IP address as a unique identifier instead of the poll id.

    MS SQL Server, interestingly, enables the setup of a unique identifier column through the use of its identity datatype (the equivalent of Microsoft Access' autonumber), and this auto-increment column in question does not receive form input but automatically increments, as you would expect, with each additional entry into the table. Would you have any ideas or additional insights on this? I would be grateful. I'm no longer fixated on cookies thanks to your contribution.

    My highest regards.

    fresalMCD.

    Owainnorth
    Inspiring
    January 14, 2010

    Don't get too hung up on the unique identifiers at the database level - you could indeed use an Identity field but that's more for making the database row unique, not for making the vote unique.

    Database-enforced uniqueness is great for making sure your data is kept consistent, but you don't want to rely on your website throwing a nasty error if someone wants to vote again, you want to handle it in your application. Imagine you create your votes table like so:


    CREATE TABLE votes (

      vote_ip_address VARCHAR(15) NOT NULL,
      vote_yn VARCHAR(1) NOT NULL ) ;

    Then in your HTML, create your form:


    <form action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>" method="post">
      Vote now for something!
      <input type="radio" name="vote" value="Y" /> I vote yes <br />
      <input type="radio" name="vote" value="N" /> I vote no <br />
      <input type="submit" name="sub_vote" value="Vote Now!" />
    </form>

    Then at the top of your page, process the vote:

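    <cfif structKeyExists(FORM,"sub_vote") AND structKeyExists(FORM,"vote") >
        <!--- Remove any earlier vote from this IP address --->
        <cfquery ...>
          DELETE FROM votes
          WHERE vote_ip_address = <cfqueryparam value="#CGI.REMOTE_ADDR#" cfsqltype="cf_sql_varchar">
        </cfquery>
        <!--- Store the client address (not the script name) and bind the form value as a parameter --->
        <cfquery ...>
          INSERT INTO votes ( vote_ip_address, vote_yn )
          VALUES ( <cfqueryparam value="#CGI.REMOTE_ADDR#" cfsqltype="cf_sql_varchar">,
                   <cfqueryparam value="#FORM.vote#" cfsqltype="cf_sql_varchar" maxlength="1"> )
        </cfquery>
      Thank you for your vote!
    </cfif>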

    You only really need to worry about unique identifiers if you ever need to get to specific rows, which you'll never do as you'll be getting a count of the yes/no votes - each individual line doesn't matter.

    I haven't actually tried any of the code above so apologies if I've typo'd at all.

    O.
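
The delete-then-insert pair in the replies above runs as two separate statements, so two near-simultaneous submissions from one address can both end up inserting a row. As an added example (not code from the thread), the T-SQL below does the replacement in a single statement on SQL Server 2008 and lets the table itself reject a second row or an unexpected vote value. The primary key, the CHECK constraint, the wider address column and the sample values are assumptions.

```sql
-- Added example (T-SQL, SQL Server 2008 or later); not code from the thread.
-- Same table and column names as the thread, with constraints added.
CREATE TABLE votes (
  vote_ip_address VARCHAR(45) NOT NULL   -- assumption: widened from 15 so IPv6 text fits
    CONSTRAINT pk_votes PRIMARY KEY,     -- at most one row per address
  vote_yn CHAR(1) NOT NULL
    CONSTRAINT ck_votes_yn CHECK (vote_yn IN ('Y', 'N'))  -- only the two form values
);
GO

-- Constructed sample values. In the application these arrive as bound
-- parameters (cfqueryparam), never as text spliced into the statement.
DECLARE @ip VARCHAR(45) = '203.0.113.7';
DECLARE @yn CHAR(1)     = 'Y';

-- One atomic statement replaces the DELETE + INSERT pair. HOLDLOCK keeps
-- two simultaneous submissions from the same address from both inserting.
MERGE votes WITH (HOLDLOCK) AS t
USING (SELECT @ip AS vote_ip_address, @yn AS vote_yn) AS s
   ON t.vote_ip_address = s.vote_ip_address
WHEN MATCHED THEN
  UPDATE SET vote_yn = s.vote_yn         -- repeat voter: overwrite the earlier answer
WHEN NOT MATCHED THEN
  INSERT (vote_ip_address, vote_yn)
  VALUES (s.vote_ip_address, s.vote_yn); -- first vote from this address

-- Tally for display; individual rows are never addressed directly.
SELECT vote_yn, COUNT(*) AS votes_cast
FROM votes
GROUP BY vote_yn;
```

Running the MERGE twice with the same `@ip` and a different `@yn` leaves one row holding the latest answer, which matches the replace-the-existing-vote behaviour described in the replies.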