Creating a secure elections database

Report · Jul 19, 2010

Hi folks,

I'm coming back to the people who have been so much help in the past! Now that I've got a member login/member update info section working on my site, I need to do the next thing for my client, which is set up an online elections page that posts to an "election" table in my database. I've got the table set up and the page working, via Insert Record Wizard that uses radio groups for the various choices. Everything is posting to the database great.

I have one concern and would appreciate advice on the following: How do I prevent a member from logging in and voting multiple times? Right now I have a page set up where after they log in, they come to a page with two links: one to "Update your info" and another to "Participate in the 2010 board elections." Right now they can click on these links (both pages have restricted access) multiple times, which I want in the first case but not in the second. Do I need to create a separate login for the election page, and if so, how do I restrict the voting form to only ONE submission per member?

In my main Users table, I have the primary key set as user_id and then I have a field for email addresses. I thought of using the email address somehow as a check, but would like the election process to be entirely anonymous. Right now data just populates to the election table with no member identification, which I like. Will I have to sacrifice this?

Thanks in advance,

Gail

Report · Jul 19, 2010

Add a field to the user table, called it Voted, default to No or 0 or whatever. As soon as that person logs in and votes (for anything) set that field to Yes or 1, etc.

Each time a person votes, check that field first. If set (Yes or whatever) then s/he's already voted so say so and proceed.

Since the results are in another table, there is no loss of anonymity.

Report · Jul 19, 2010

Or, create another table that links the user to a specific election (by date, election id, or whatever). In addition to the userid and election id it would have a status field. Then you can have a tally of who voted in each election - but still not have any way of seeing what they voted for.

Report · Jul 20, 2010

BC's solution looks like it requires updating two tables at once - linking via a foreign key, something I've read about but not tried to do yet. Bregent's solution looks like (I think) managing this with one table, which might be simpler for me. I have a few questions about how to implement this:

You said " create another table that links the user to a specific election (by date, election id, or whatever)." Does this mean I should copy the user_id field from my users table to the election table? How do I create this link?
Then add the status field. I can handle that. I'm not sure how to change this field from 'y' to 'n' after a person votes. How do I change the value and then check it if someone logs in again? This question applies to both solutions I guess.

A step-by-step would help me enormously, as I'm new to this. Thanks in advance,

Gail

Report · Jul 22, 2010

>You said " create another table that links the user to a

>specific election (by date, election id, or whatever)."

>Does this mean I should copy the user_id field from

>my users table to the election table? How do I create this link?

When the user votes, you insert their userID into the election table, possibly along with other information that uniquely identifies that row such as electionId, date, etc. Prior to allowing them to vote, you query this table using the userID and any other PK columns in the where clause. Test the result set and if the number of rows returned was more than zero, you know they voted and alert them with a message.

Report · Jul 22, 2010

BC,

I'm trying to add an "if" statement to do the

checking you mentioned below. This is what I have:

if ($voted == "1" )

echo "It appears you have already voted. Members

can vote only once. Thank you for participating!";

I'm not sure where in the code view I should

insert this, and if I have all the syntax

correct. Should it be inside the form that

submits the voting data, after the Submit button....or somewhere else?

Gail