Hi, i am building a site for a client who wants to carry out a survey by asking 1000 users one simple question in which they then either vote Yes or No. The client wants to attract more users to their Facebook page so i am going to implement a system where by the user has to click a "Like" button before they can access and reveal the Yes and No buttons. The reason users will (hopefully) want to vote, is because once their vote is submitted a form will display asking them to enter their email address so they can win 1 of 10 prizes. I was going to develop a Facebook App to do this but i think it might best to set up a small stand alone website for the promotion. Please do not reply saying you wouldn't give your email address or you wouldn't like the page... i am not trying to discuss the business concept here, i just want to discuss the technical details here I am trying to workout the following: How can i limit each user so that they can only vote once... i was going to use the "Like" step to restrict users but what if a user has already liked the clients page, how can they vote... SO i was thinking i need some other way to limit the users to one vote without having to get them to register. I know most of the common techniques such as using IP addresses and cookies and i know that all of these can be cheated... which is fine if someone really wants to go that far with it... but what would you recommend as the best way to limit the users to one vote... thanks in advance for your help...
All depends if you can be bothered to keep a record of who's pressed if so I would do it server side rather than client cookie, keep a basic database table with the used ip's
You can't just go off from IPs since Dynamic and Shared IP's are still popular and are used virtually by every single Business and Campus. Even modern static IPs issued to residents aren't always truly static. AOL's browser software surfs the internet behind PROXIES. One single AOL IP could be shared among THOUSANDS of unique users. The only way to implement a secure method is to utilize BOTH Client and Server side methods together. Force registration, force email verification, limit 1 per user, also track via cookie. If forcing a registration and email verification is not an option your only other choice is to 1. track via HTTP cookies and risk having people defraud your system or 2. log IPs and risk the loss of real votes due to Shared & Dyanmic IPs.
or 3. require registration with email verification and risk reduced participation because many won't bother to register just for privilege to leave a vote
All well said, i can't add a email verification system as users will loose all interest if they are required to do so
Why would #3 be requiring registration and email verification if requiring registration and email verification isn't an option? Did you not read where I wrote "If forcing a registration and email verification is not an option your only other choice is to...".
I've created alot of these systems, both are possible but cheating can never be stopped at anyway, if some users want to register multiple names/addresses they can do that! even automatic!!! My polling sites are working with a system based on ip information and cookies, cookies for the 'fast check' and if that doesn't work, check the other ip / browser information against the data in the database! you can never beat a real cheater! (my experience)