I'm working on a website (HTML, CSS, JavaScript, Ajax, PHP, MySQL), and I want to restrict the number of times a particular user votes for a particular video.

It's similar to the YouTube system where you can voteUp or voteDown a particular video.

Each vote involves adding a row to the video.votes table, which logs the time, vote direction (up or down), the client IP address (using PHP: $ip = $_SERVER['REMOTE_ADDR'];), and of course the ID of the video in question.

Adding votes is as simple as (pseudocode): Javascript:onClick( vote( a,b,c,d ) ), which passes variables to a PHP insertion script via Ajax, and finally we replace the voting buttons with a "Thank You For Voting" message.

THE PROBLEM:

If you reload/refresh the page after voting, you can vote again, and again, and again, you get the point.

MY QUESTION:

How do you limit the amount of times a particular user votes for a particular video?

MY THOUGHTS:

Do you use cookies, and add a new cookie with the ID of the video, and check for a cookie before you insert a new vote?

OR

Before you insert the vote, do you use the IP address and the videoID to see if this same user (IP) has voted for this same video (vidID) in the past 24hrs (mktime), and either allow or disallow the voteInsertion based on this query?

OR

Do you just not care? Take the assumption that most users are sane, and have better things to do than refresh pages and vote repeatedly?

Any suggestions or ideas welcome.

+3  A: 

If you don't really care, specifically about the 4chan effect, you could just use a cookie. Don't go on IP address, because there are blocks of people all behind common NAT routers all over the place.

If you care a little more, you'd have to authenticate people, but without some sort of external token to identify actual individual humans, you'd still have problems. It depends on the nature of your site, of course. For example, a home banking site could support voting with more confidence because it can identify a user with an actual account number.

Pointy
+3  A: 

I would use the cookie approach. It allows you to identify unique users (for those that accept cookies), while IP is a bad approach since many users can share the same IP address.

If the site uses login, you may consider the option of allowing only logged-in users to vote. In this case it's very easy to know if a user already voted, but very restrictive.

Claudio Redi
+2  A: 

Perhaps the best advice would be to just let registered users vote. That way you can query WHERE user_id = 'x' and video_id = 'y'; if the record is found, do not let him vote.

Alas, for anonymous users, that might be tricky. A lot of IP addresses are shared on networks, so a user in the same building as another might just vote once.
The cookies option might be good, except they can be erased. You just can't trust anything on the user's side.

metrobalderas
+1  A: 

> Do you use cookies, and add a new cookie with the ID of the video, and check for a cookie before you insert a new vote?

Cookies can be easily disabled or very quickly cleared. Saving a vote to a cookie is unreliable and votes could be gamed with no problem.

> Before you insert the vote, do you use the IP address and the videoID to see if this same user (IP) has voted for this same video (vidID) in the past 24hrs (mktime), and either allow or disallow the voteInsertion based on this query?

Many users could be using the same router, effectively having the same IP. By doing this, you could be irritating users by stopping them from voting because another person from the same office/household has already voted on the video before sending them the link.

> Do you just not care? Take the assumption that most users are sane, and have better things to do than refresh pages and vote repeatedly?

This is entirely subjective and dependent on the importance of the votes. If voting is an important part of the site, it's best to care as much as you possibly can. For instance, if videos were sorted on highest rated, some users could vote many times to increase the popularity of their personal/favourite video, giving the impression of popularity to attract more views.

Where voting is important, it's best to only allow registered users to vote. Sure, people can and will make multiple accounts to vote (see http://gallery.live.com for an example), but you're making it a lot harder for them. If voting is not really important I would go with the cookie option.

Andy E
DJDonaL3000
What are you going to do to prevent the same person from registering more than once?
Pointy
@Pointy: Even Google, YouTube, Microsoft and eBay have problems with that. They still use similar systems for ratings (feedback for eBay). There's very little you can do to stop a user who really wants to vote more than once, any way you look at it. Even with your bank account example - fraudulent bank accounts are set up all the time.
Andy E
Oh yes, I understand that. Like I wrote in my own answer, things don't really get much better until you have something *real* to work with (like a bank account or credit card number). Clearly that's not an option here.
Pointy
+1  A: 

If you're really trying to prevent multiple votes:

  1. Only let authenticated users vote
  2. Store votes in a database to check against
  3. Also store votes in cookies to do initial check and reduce load on database.

If you don't really care, just use cookies.

Corey Hart
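
The user_id / video_id lookup suggested by metrobalderas and the three steps listed by Corey Hart can be enforced by the database itself, as in this added example, which is not code from any of the posters. It assumes an in-memory SQLite database in place of the site's MySQL, and the table layout, the function names castVote and handleVote, and the cookie name voted_<videoId> are hypothetical.

```php
<?php
// Constructed demo: in-memory SQLite stands in for the site's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE votes (
    user_id    INTEGER NOT NULL,
    video_id   INTEGER NOT NULL,
    direction  TEXT    NOT NULL,
    created_at INTEGER NOT NULL,
    PRIMARY KEY (user_id, video_id)  -- one vote per user per video
)");

// Hypothetical helper: true if the vote was stored, false if this user has
// already voted on this video. $userId must come from the server-side
// session of the logged-in user, never from the Ajax request.
function castVote(PDO $db, int $userId, int $videoId, string $direction): bool
{
    if (!in_array($direction, ['up', 'down'], true)) {
        throw new InvalidArgumentException('direction must be up or down');
    }
    $stmt = $db->prepare('INSERT INTO votes (user_id, video_id, direction, created_at)
                          VALUES (:u, :v, :d, :t)');
    try {
        // No SELECT first: the key decides atomically, so two concurrent
        // requests cannot both pass a "has not voted yet" check.
        $stmt->execute([':u' => $userId, ':v' => $videoId, ':d' => $direction, ':t' => time()]);
        return true;
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') { // duplicate (user_id, video_id)
            return false;
        }
        throw $e;
    }
}

// The cookie only saves a database round trip for honest repeat clicks.
// Clearing it gains nothing, because the table is still authoritative.
function handleVote(PDO $db, int $userId, int $videoId, string $direction, array $cookies): string
{
    if (isset($cookies["voted_$videoId"])) {
        return 'already voted (cookie)';
    }
    // On success the real endpoint would also call setcookie("voted_$videoId", '1', ...).
    return castVote($db, $userId, $videoId, $direction) ? 'recorded' : 'already voted (database)';
}

echo handleVote($db, 42, 7, 'up', []), PHP_EOL;                   // first vote by user 42
echo handleVote($db, 42, 7, 'down', []), PHP_EOL;                 // reload with cookies cleared
echo handleVote($db, 42, 7, 'up', ['voted_7' => '1']), PHP_EOL;   // reload with cookie kept
echo handleVote($db, 43, 7, 'down', []), PHP_EOL;                 // a different logged-in user
```

On MySQL the same duplicate-key failure is reported with SQLSTATE 23000, so the catch branch carries over once the table has a primary or unique key on (user_id, video_id).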